cbcvebase.
CVE-2024-5275
published 2024-06-18

CVE-2024-5275: A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example…

PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.11%
1.7th percentile
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.

Affected

2 ranges
VendorProductVersion rangeFixed in
fortrafilecatalyst_direct3.7 – 3.8.10.138
fortrafilecatalyst_workflow4.9.8 – 5.1.6.130
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.