[Git][security-tracker-team/security-tracker][master] auto-nfu: Add product-based CNA rule for Fortra

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09f23866 by Moritz Muehlenhoff at 2025-04-29T11:04:26+02:00
auto-nfu: Add product-based CNA rule for Fortra

The scope also includes external findings

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2025-0049 (When a Web User without Create permission on subfolders attempts
 CVE-2024-12273 (The Calculated Fields Form WordPress plugin before 5.2.62 does not san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11922 (Missing input validation in certain features of the Web Client of Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortra
 CVE-2024-10635 (Enterprise Protection contains an improper input validation vulnerabil ...)
 	NOT-FOR-US: Proofpoint
 CVE-2025-4035


=====================================
data/packages/nfu.yaml
=====================================
@@ -182,6 +182,11 @@
     - anyOf:
       - product: ArcGIS Server
       - product: ArcGIS Enterprise Builder
+- reason: Fortra
+  allOf:
+    - cna: Fortra
+    - anyOf:
+      - product: GoAnywhere MFT
 - reason: HP
   allOf:
     - cna: hp



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09f23866d19a7055552db1be2bb059561f8edd35

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09f23866d19a7055552db1be2bb059561f8edd35
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250429/398acb57/attachment-0001.htm>