Advisories address two vulnerabilities, one rated as critical and the other as high severity

Threat ID:CC-4540

Threat Severity:Medium

Published:28 August 2024 4:34 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: 5.1.6 Build 139 and earlier

Fortra FileCatalyst

Threat details

Introduction

Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.

CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated attacker to modify or delete data in the application database, and create administrative users.

CVE-2024-6633 is a insecure default vulnerability with a CVSSv3 score of 9.8 (critical) that could allow an unauthenticated attacker remote access to the database, permitting data manipulation or exfiltration from the database, and admin user creation with access levels contained to the sandbox.

Remediation advice

Affected organisations are encouraged to review Forta Security Advisories FI-2024-010 and FI-2024-011, the additional information in FileCatalyst Workflow Database Vulnerabilities, and update to version 5.1.7 or later.

Definitive source of threat updates

https://www.fortra.com/security/advisories/product-security/fi-2024-010

https://www.fortra.com/security/advisories/product-security/fi-2024-011

https://support.fortra.com/filecatalyst/kb-articles

CVE Vulnerabilities

StatusPublished

CVE-2024-6632A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

StatusPublished

CVE-2024-6633The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

Last edited: 28 August 2024 4:36 pm