{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:06:41.265","vulnerabilities":[{"cve":{"id":"CVE-2023-0669","sourceIdentifier":"cve@rapid7.com","published":"2023-02-06T20:15:14.300","lastModified":"2025-11-03T15:06:12.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2."},{"lang":"es","value":"Fortra (anteriormente HelpSystems) GoAnywhere MFT presenta una vulnerabilidad de inyección de comandos de preautenticación en el servlet de respuesta a licencias debido a la deserialización de un objeto arbitrario controlado por un atacante. Este problema se solucionó en la versión 7.1.2."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"cisaExploitAdd":"2023-02-10","cisaActionDue":"2023-03-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Fortra GoAnywhere MFT Remote Code Execution Vulnerability","weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortra:goanywhere_managed_file_transfer:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1.2","matchCriteriaId":"F2CDAD23-E5EA-4830-9D57-5E6BC0E85244"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html","source":"cve@rapid7.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis","source":"cve@rapid7.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft","source":"cve@rapid7.com","tags":["Broken Link","Third Party Advisory"]},{"url":"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html","source":"cve@rapid7.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/rapid7/metasploit-framework/pull/17607","source":"cve@rapid7.com","tags":["Patch"]},{"url":"https://infosec.exchange/@briankrebs/109795710941843934","source":"cve@rapid7.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1","source":"cve@rapid7.com","tags":["Product"]},{"url":"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/","source":"cve@rapid7.com","tags":["Mitigation","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/rapid7/metasploit-framework/pull/17607","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://infosec.exchange/@briankrebs/109795710941843934","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}