Fortra Releases Patch to Address High-Risk FileCatalyst Workflow Security Vulnerability

Published:

spot_img

FileCatalyst Workflow Security Vulnerability Patched by Fortra

A critical security flaw in FileCatalyst Workflow has been addressed by Fortra, preventing remote attackers from gaining administrative access. The vulnerability, known as CVE-2024-6633, scored a 9.8 on the CVSS scale and was caused by the use of a static password to connect to an HSQL database.

Fortra warned that default credentials for the HSQL database were published in a vendor knowledge base article, potentially compromising the software’s confidentiality, integrity, and availability. Cybersecurity company Tenable discovered the flaw, noting that the HSQLDB is remotely accessible on TCP port 4406 by default, allowing attackers to connect and perform malicious operations.

After responsible disclosure on July 2, 2024, Fortra released a patch for FileCatalyst Workflow version 5.1.7 and above. This patch also addressed a high-severity SQL injection flaw (CVE-2024-6632, CVSS score: 7.2) that allowed unauthorized modifications to the database during the setup process.

Robin Wyss, a researcher at Dynatrace, highlighted that user input during the setup process was not properly validated, enabling attackers to modify database queries and make unauthorized changes. As a result, users are advised to update their software to version 5.1.7 or later to protect against these vulnerabilities.

spot_img

Related articles

Recent articles

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities

EU and UK Attribute Cyberattack on Poland to FSB, Strengthen Sanctions Against Russian Entities A recent cyberattack targeting Poland's critical infrastructure has been officially linked...

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport

TCS Strengthens Digital Infrastructure as Technology Partner for New Terminal One at JFK Airport The New Terminal One at John F. Kennedy International Airport (JFK)...

Enterprise Events Transform: Key Trends Shaping 2027

Enterprise Events Transform: Key Trends Shaping 2027 As the landscape of enterprise events evolves, the focus is shifting from traditional formats to more interactive, knowledge-driven...

EU Accelerates Review of Social Media Age Limits Following Child Safety Report

EU Accelerates Review of Social Media Age Limits Following Child Safety Report The European Commission is advancing toward the implementation of new measures aimed at...