Fortra Patches Critical Vulnerability in FileCatalyst Workflow

August 30, 2024 at 07:24AM

Fortra announced patches for critical vulnerabilities in FileCatalyst Workflow, including a flaw involving leaked credentials (CVE-2024-6633) and a high-severity SQL injection issue (CVE-2024-6632). These vulnerabilities could give an attacker remote access and allow them to perform dangerous operations. The company advises customers to update to FileCatalyst Workflow version 5.1.7 build 156 to mitigate these risks.

The cybersecurity solutions provider Fortra has announced patches for two vulnerabilities in FileCatalyst Workflow: a critical-severity flaw involving leaked credentials and a high-severity SQL injection flaw.

The critical issue, tracked as CVE-2024-6633 with a CVSS score of 9.8, stems from the default credentials for the setup HSQL database (HSQLDB) being published in a vendor knowledgebase article. HSQLDB is included to facilitate installation and isn't intended for production use, but if no alternative database has been configured, vulnerable instances of FileCatalyst Workflow may be exposed to attacks.

Fortra has addressed the vulnerability by limiting access to the database to localhost, and the patches have been included in FileCatalyst Workflow version 5.1.7 build 156. Additionally, a high-severity SQL injection flaw tracked as CVE-2024-6632 has been resolved in the same version.

The company advises its customers to update to FileCatalyst Workflow version 5.1.7 build 156 or later as soon as possible to mitigate the risks associated with these vulnerabilities.

Fortra makes no mention of these vulnerabilities being exploited in attacks.
