Fortra Releases Patch to Address High-Risk FileCatalyst Workflow Security Vulnerability


FileCatalyst Workflow Security Vulnerability Patched by Fortra

A critical security flaw in FileCatalyst Workflow has been addressed by Fortra, preventing remote attackers from gaining administrative access. The vulnerability, known as CVE-2024-6633, scored a 9.8 on the CVSS scale and was caused by the use of a static password to connect to an HSQL database.

Fortra warned that default credentials for the HSQL database were published in a vendor knowledge base article, potentially compromising the software’s confidentiality, integrity, and availability. Cybersecurity company Tenable discovered the flaw, noting that the HSQLDB is remotely accessible on TCP port 4406 by default, allowing attackers to connect and perform malicious operations.

After responsible disclosure on July 2, 2024, Fortra fixed the issue in FileCatalyst Workflow version 5.1.7 and later. The same release also addressed a high-severity SQL injection flaw (CVE-2024-6632, CVSS score: 7.2) that allowed unauthorized modifications to the database during the setup process.

Robin Wyss, a researcher at Dynatrace, highlighted that user input during the setup process was not properly validated, enabling attackers to modify database queries and make unauthorized changes. As a result, users are advised to update their software to version 5.1.7 or later to protect against these vulnerabilities.
