Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

June 27, 2024 at 03:36AM

A critical security flaw, tracked as CVE-2024-5276, has been disclosed in Fortra FileCatalyst Workflow, allowing attackers to tamper with the application database. The vulnerability, with a CVSS score of 9.8, impacts versions 5.1.6 Build 135 and earlier, but has been addressed in version 5.1.6 Build 139. Tenable released a proof-of-concept exploit for the flaw.

The key takeaways are:
– There is a critical security flaw, tracked as CVE-2024-5276, in Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier, which could allow an attacker to tamper with the application database.
– The vulnerability has been addressed in version 5.1.6 Build 139, and users are advised to apply the patches immediately. Alternatively, vulnerable servlets can be disabled as a temporary workaround.
– Tenable, a cybersecurity firm, reported the flaw and has released a proof-of-concept exploit for the vulnerability.

The team should prioritize applying the patches or implementing the temporary workaround to mitigate the risk of exploitation.
