Fortra — Vulnerabilities & Security Advisories (34)

Browse all 34 CVE security advisories affecting Fortra. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fortra, formerly part of DigiCert, specializes in identity governance and privileged access management solutions, primarily serving enterprise environments requiring strict control over administrative credentials. The company’s software portfolio has historically been associated with a significant volume of security flaws, currently totaling 34 Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly involve remote code execution and cross-site scripting, often stemming from insufficient input validation or improper access controls within web-based administrative interfaces. While specific major public breaches directly attributed to Fortra products remain limited in widespread reporting, the high count of disclosed CVEs indicates persistent challenges in securing legacy codebases and complex privilege escalation mechanisms. Security analysts recommend rigorous patch management and network segmentation to mitigate risks associated with these known weaknesses, ensuring that privileged access tools do not become entry points for broader infrastructure compromise.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1089 | User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups | GoAnywhere MFT | CWE-74 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-0972 | HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT | GoAnywhere MFT | CWE-74 | 5.4 | Medium | 2026-04-21 |
| CVE-2026-0971 | GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout | GoAnywhere MFT | CWE-613 | 4.3 | Medium | 2026-04-21 |
| CVE-2025-14362 | GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances | GoAnywhere MFT | CWE-307 | 7.3 | High | 2026-04-21 |
| CVE-2025-1241 | Encryption vulnerable to brute-force decryption in GoAnywhere MFT | GoAnywhere MFT | CWE-326 | 5.8 | Medium | 2026-04-21 |
| CVE-2025-13532 | Weak Password Hash in Core Privileged Access Manager (BoKS) | Core Privileged Access Manager (BoKS) | CWE-916 | 6.2 | Medium | 2025-12-16 |
| CVE-2025-8148 | CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT | GoAnywhere MFT | CWE-732 | 4.2 | Medium | 2025-12-05 |
| CVE-2025-10035 | Deserialization Vulnerability in GoAnywhere MFT's License Servlet | GoAnywhere MFT | CWE-77 | 10.0 | Critical | 2025-09-18 |
| CVE-2025-8450 | Unrestricted File Upload in FileCatalyst | FileCatalyst | CWE-434 | 8.2 | High | 2025-08-19 |
| CVE-2025-3871 | Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier | GoAnywhere MFT | CWE-862 | 5.3 | Medium | 2025-07-16 |
| CVE-2025-5141 | Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache | Core Privileged Access Manager (BoKS) | CWE-524 | 5.5 | Medium | 2025-06-17 |
| CVE-2024-11922 | Input Validation vulnerability in Web Client emails that do not go through Secure Mail | GoAnywhere MFT | CWE-79 | 6.3 | Medium | 2025-04-28 |
| CVE-2025-0049 | Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0 | GoAnywhere | CWE-209 | 3.5 | Low | 2025-04-28 |
| CVE-2024-11923 | Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3 | Fortra Application Hub | CWE-532 | 5.5 | Medium | 2025-01-17 |
| CVE-2024-9945 | Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0 | GoAnywhere MFT | CWE-200 | 5.3 | Medium | 2024-12-13 |
| CVE-2024-3334 | USB Security Feature Bypass in Digital Guardian Windows Agent Prior to version 8.2.0 | Digital Guardian Agent | CWE-922 | 4.3 | Medium | 2024-11-15 |
| CVE-2024-8264 | Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05 | Robot Schedule Enterprise | CWE-532 | 5.5 | Medium | 2024-10-09 |
| CVE-2024-6632 | SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier) | FileCatalyst Workflow | CWE-89 | 7.2 | High | 2024-08-27 |
| CVE-2024-6633 | Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier) | FileCatalyst Workflow | CWE-200 | 9.8 | Critical | 2024-08-27 |
| CVE-2024-25157 | Authentication bypass in GoAnywhere MFT prior to 7.6.0 | GoAnywhere MFT | CWE-303 | 6.5 | Medium | 2024-08-14 |
| CVE-2024-5276 | SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier) | FileCatalyst Workflow | CWE-20 | 9.8 | Critical | 2024-06-25 |
| CVE-2024-5275 | Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier) | FileCatalyst Direct | CWE-259 | 7.8 | High | 2024-06-18 |
| CVE-2024-4332 | Improper Authentication in Tripwire Enterprise 9.1.0 APIs | Tripwire Enterprise | CWE-303 | 8.1 (AI) | High (AI) | 2024-06-03 |
| CVE-2024-0259 | Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04 | Robot Schedule Enterprise Agent | CWE-276 | 7.3 | High | 2024-03-28 |
| CVE-2024-25156 | Path traversal in GoAnywhere MFT 7.4.1 and Earlier | GoAnywhere MFT | CWE-22 | 6.5 | Medium | 2024-03-14 |
| CVE-2024-25155 | Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier | FileCatalyst | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-25154 | Path Traversal in FileCatalyst Direct 3.8.8 and Earlier | FileCatalyst | CWE-22 | 5.3 | Medium | 2024-03-13 |
| CVE-2024-25153 | Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114 | FileCatalyst | CWE-472 | 9.8 | Critical | 2024-03-13 |
| CVE-2024-0204 | Authentication Bypass in GoAnywhere MFT | GoAnywhere MFT | CWE-425 | 9.8 | Critical | 2024-01-22 |
| CVE-2023-6253 | Saved Uninstall Key in Digital Guardian Agent Uninstaller | Digital Guardian Agent | CWE-922 | 7.8 (AI) | High (AI) | 2023-11-22 |

This page lists every published CVE security advisory associated with Fortra. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.