Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Fortra — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting Fortra. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Fortra, formerly part of DigiCert, specializes in identity governance and privileged access management solutions, primarily serving enterprise environments requiring strict control over administrative credentials. The company’s software portfolio has historically been associated with a significant volume of security flaws, currently totaling 34 Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly involve remote code execution and cross-site scripting, often stemming from insufficient input validation or improper access controls within web-based administrative interfaces. While specific major public breaches directly attributed to Fortra products remain limited in widespread reporting, the high count of disclosed CVEs indicates persistent challenges in securing legacy codebases and complex privilege escalation mechanisms. Security analysts recommend rigorous patch management and network segmentation to mitigate risks associated with these known weaknesses, ensuring that privileged access tools do not become entry points for broader infrastructure compromise.

Found 14 results / 34Clear Filters
Top products by Fortra: Goanywhere MFT FileCatalyst Globalscape EFT FileCatalyst Workflow Digital Guardian Agent Core Privileged Access Manager (BoKS) Robot Schedule Enterprise Agent Tripwire Enterprise FileCatalyst Direct Robot Schedule Enterprise Fortra Application Hub GoAnywhere
CVE IDTitleCVSSSeverityPublished
CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups — GoAnywhere MFTCWE-74 6.5 Medium2026-04-21
CVE-2026-0972 HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT — GoAnywhere MFTCWE-74 5.4 Medium2026-04-21
CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout — GoAnywhere MFTCWE-613 4.3 Medium2026-04-21
CVE-2025-14362 GoAnywhere MFT SFTP Service Login Vulnerable to Brute Force Attack Under Certain Circumstances — GoAnywhere MFTCWE-307 7.3 High2026-04-21
CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT — GoAnywhere MFTCWE-326 5.8 Medium2026-04-21
CVE-2025-8148 CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT — GoAnywhere MFTCWE-732 4.2 Medium2025-12-05
CVE-2025-10035 Deserialization Vulnerability in GoAnywhere MFT's License Servlet — GoAnywhere MFTCWE-77 10.0 Critical2025-09-18
CVE-2025-3871 Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier — GoAnywhere MFTCWE-862 5.3 Medium2025-07-16
CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail — GoAnywhere MFTCWE-79 6.3 Medium2025-04-28
CVE-2024-9945 Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0 — GoAnywhere MFTCWE-200 5.3 Medium2024-12-13
CVE-2024-25157 Authentication bypass in GoAnywhere MFT prior to 7.6.0 — GoAnywhere MFTCWE-303 6.5 Medium2024-08-14
CVE-2024-25156 Path traversal in GoAnywhere MFT 7.4.1 and Earlier — GoAnywhere MFTCWE-22 6.5 Medium2024-03-14
CVE-2024-0204 Authentication Bypass in GoAnywhere MFT — GoAnywhere MFTCWE-425 9.8 Critical2024-01-22
CVE-2023-0669 Fortra GoAnywhere MFT License Response Servlet Command Injection — Goanywhere MFTCWE-502 8.8 -2023-02-06

This page lists every published CVE security advisory associated with Fortra. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.