Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released


June 26, 2024 at 01:04PM

Fortra FileCatalyst Workflow has a critical SQL injection vulnerability (CVE-2024-5276) discovered by Tenable researchers. It allows remote unauthenticated attackers to create rogue admin users and manipulate data in the application database. Unauthenticated exploitation requires anonymous access to be enabled on the target instance. A public exploit is available, and fixes are provided in build 139 for impacted versions.

Fortra FileCatalyst Workflow is vulnerable to a SQL injection flaw tracked as CVE-2024-5276, which is rated critical with a CVSS v3.1 score of 9.8. Tenable researchers discovered the vulnerability on June 18, 2024, and it was made public recently. It allows unauthenticated attackers to create rogue admin users and manipulate data in the application database.

The vulnerability affects FileCatalyst Workflow version 5.1.6 Build 135 and older versions. A patch has been released in FileCatalyst Workflow version 5.1.6 Build 139, and users are advised to upgrade to it.

It’s important to note that unauthenticated exploitation of the vulnerability requires that anonymous access is enabled on the target instance. Otherwise, authentication is required to exploit CVE-2024-5276.

Tenable also published an exploit demonstrating how an anonymous remote attacker can perform SQL injection through the ‘jobID’ parameter in the Workflow web app’s URL endpoints. This exploit allows an attacker to insert malicious code and create a new admin user with a known password.

To mitigate the risk, it’s crucial for organizations using FileCatalyst Workflow to upgrade to the latest version (5.1.6 Build 139) and ensure that anonymous access is not enabled. Additionally, organizations should be vigilant for potential active exploitation of the vulnerability, given the availability of a working exploit.
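For the monitoring side, the following is an added example (not from the article, Tenable, or Fortra) that scans web access logs for 'jobID' values that do not look like plain identifiers. It assumes common/combined log format and that legitimate jobID values use only letters, digits, underscores and hyphens; the log lines and request paths are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate jobID values are short identifiers made of these characters.
SAFE_JOBID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Client address, request line and status from a common/combined access-log line.
REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; the paths are placeholders, not real product endpoints.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Jun/2024:10:01:02 +0000] "GET /app/placeholder?jobID=1042 HTTP/1.1" 200 512
203.0.113.9 - - [26/Jun/2024:10:01:05 +0000] "GET /app/placeholder?JOBID=42%27%3B-- HTTP/1.1" 500 97
203.0.113.9 - - [26/Jun/2024:10:01:09 +0000] "GET /app/placeholder?jobID=7&jobID=7%20OR%201%3D1 HTTP/1.1" 200 640
198.51.100.7 - - [26/Jun/2024:10:02:00 +0000] "GET /app/other?page=2 HTTP/1.1" 200 300
"""


def suspicious_jobid_requests(log_text):
    """Return (client, status, decoded_value) for each jobID value outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        client, _method, target, status = m.groups()
        query = urlsplit(target).query
        # parse_qsl percent-decodes values and keeps repeated parameters,
        # so a clean first jobID cannot hide a second, malformed one.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "jobid" and not SAFE_JOBID.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_jobid_requests(SAMPLE_LOG):
        print(f"{client} status={status} jobID={value!r}")
```

Access logs record only the request line, so parameters sent in a request body are not covered by this check. Any hit should be followed by a review of the application's admin accounts for users that were not created by an administrator.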
