admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2023-0669.md

Browse Source
This commit is contained in:
之乎者也 2023-04-13 15:27:37 +08:00 committed by GitHub
parent d270898ec2
commit 70972da9fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023-0669.md Normal file
View File

@ -0,0 +1,12 @@
## GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)
| **Vulnerability** | **GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)** |
| :----: | :-----|
| **Chinese name** | GoAnywhere MFT 反序列化漏洞CVE-2023-0669 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [banner=\".goanywhere.com\" \|\| title=\"GoAnywhere\"](https://en.fofa.info/result?qbase64=YmFubmVyPSIuZ29hbnl3aGVyZS5jb20iIHx8IHRpdGxlPSJHb0FueXdoZXJlIg%3D%3D) |
| **Number of assets affected** | 4399 |
| **Description** | GoAnywhere MFT is a solution for managing file transfer, which simplifies data exchange between systems, employees, customers and trading partners. It provides centralized control through extensive security settings, detailed audit trails, and helps to process information in files into XML, EDI, CSV, and JSON databases. There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, enter memory horses, etc., and obtain server privileges. |
| **Impact** | There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, enter memory horses, etc., and obtain server privileges. |
![](https://s3.bmp.ovh/imgs/2023/04/12/a8aaa327c8938de6.gif)