cbcvebase.

Fortra Filecatalyst Workflow vulnerabilities

5 known vulnerabilities affecting fortra/filecatalyst_workflow.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH2

Vulnerabilities

Page 1 of 1
CVE-2024-5276P1CRITICALCVSS 9.1ExploitedPoCfixed in 5.1.6v5.1.6+1 more2024-06-25
CVE-2024-5276 [CRITICAL] CWE-20 CVE-2024-5276: A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify applicati A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation req
nvd
CVE-2024-25153P2CRITICALCVSS 9.8≥ 5.0, < 5.1.6v5.1.62024-03-13
CVE-2024-25153 [CRITICAL] CWE-472 CVE-2024-25153: A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files t A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, includin
nvd
CVE-2024-6633P3CRITICALCVSS 9.8≥ 5.0.4, < 5.1.7≥ 5.0.4, ≤ 5.1.6 Build 1392024-08-27
CVE-2024-6633 [CRITICAL] CWE-200 CVE-2024-6633: The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intende
nvd
CVE-2024-5275P3HIGHCVSS 7.8≥ 4.9.8, ≤ 5.1.6.1302024-06-18
CVE-2024-5275 [HIGH] CWE-259 CVE-2024-5275: A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Dir
nvd
CVE-2024-6632P3HIGHCVSS 7.2≥ 5.0.4, < 5.1.7≥ 5.0.4, ≤ 5.1.6 Build 1392024-08-27
CVE-2024-6632 [HIGH] CWE-89 CVE-2024-6632: A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.
nvd
Fortra Filecatalyst Workflow vulnerabilities | cvebase