VYPR

GoAnywhere

by GoAnywhere

CVEs (3)

  • CVE-2025-0049Apr 28, 2025
    risk 0.00cvss epss 0.00

    When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.

  • CVE-2024-25157Aug 14, 2024
    risk 0.00cvss epss 0.01

    An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.

  • CVE-2021-46830Jul 27, 2022
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain…