GobyVuls/CVE-2023-0669.md

GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)

Vulnerability	GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)
Chinese name	GoAnywhere MFT 反序列化漏洞（CVE-2023-0669）
CVSS core	9.8
FOFA Query (click to view the results directly)	banner=".goanywhere.com" || title="GoAnywhere"
Number of assets affected	4399
Description	GoAnywhere MFT is a solution for managing file transfer, which simplifies data exchange between systems, employees, customers and trading partners. It provides centralized control through extensive security settings, detailed audit trails, and helps to process information in files into XML, EDI, CSV, and JSON databases. There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, enter memory horses, etc., and obtain server privileges.
Impact	There is a Java deserialization vulnerability in GoAnywhere MFT. An attacker can use this vulnerability to execute arbitrary code, execute commands on the server, enter memory horses, etc., and obtain server privileges.