June 28, 2024 at 07:12AM
Fortra released patches for a critical SQL injection vulnerability (CVE-2024-5276, CVSS 9.8) in FileCatalyst Workflow version 5.1.6 Build 135 and earlier. The flaw could allow attackers to create administrative user accounts and modify application data. Tenable identified the issue and published PoC code for exploiting it. Fortra addressed the vulnerability in version 5.1.6 build 139.
Key takeaways:
– Fortra has announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow, tracked as CVE-2024-5276 with a CVSS score of 9.8.
– The vulnerability affects FileCatalyst Workflow version 5.1.6 Build 135 and earlier.
– The issue could allow attackers to create administrative user accounts and modify application data.
– Tenable identified the security defect, which exists because a user-supplied jobID is used when forming the WHERE clause of an SQL query.
– This enables an anonymous remote attacker to perform SQL injection via the jobID parameter in various URL endpoints of the workflow web application.
– The cybersecurity firm published proof-of-concept (PoC) code that triggers the SQL injection and creates a new administrative account, with the password ‘password123’, allowing remote access.
– Fortra has addressed the vulnerability in FileCatalyst Workflow version 5.1.6 build 139 and users are advised to update their instances as soon as possible.
– The company’s streamlined file transfer solutions have been targeted in malicious attacks, as was the case with the Cl0p ransomware operation last year, which exploited a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software.
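The jobID flaw class described in the takeaways above, as an added example that is not Fortra's or Tenable's code: a WHERE clause built by string concatenation beside a bound-parameter version. The schema, function names and malformed sample value are constructed for illustration, and the decimal-only jobID format is an assumption.

```python
import sqlite3

# Constructed sample value: a jobID carrying a quote and extra SQL text.
MALFORMED_JOB_ID = "1001' OR '1'='1"

def make_db():
    # Hypothetical schema for illustration; not FileCatalyst Workflow's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE jobs (job_id TEXT PRIMARY KEY, name TEXT);
        INSERT INTO jobs VALUES ('1001', 'quarterly-report');
        INSERT INTO jobs VALUES ('1002', 'payroll-export');
    """)
    return db

def lookup_concatenated(db, job_id):
    # Flawed pattern: the caller's jobID becomes part of the SQL text,
    # so a quote inside the value rewrites the WHERE clause itself.
    sql = "SELECT job_id, name FROM jobs WHERE job_id = '" + job_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, job_id, validate=True):
    # Hardened pattern: the value travels as a bound parameter and is only
    # ever compared as data. Validation (assumed format: short ASCII decimal)
    # is defence in depth that rejects malformed input before the query runs.
    if validate and not (job_id.isascii() and job_id.isdigit()
                         and len(job_id) <= 18):
        raise ValueError("jobID must be a decimal identifier")
    return db.execute(
        "SELECT job_id, name FROM jobs WHERE job_id = ?", (job_id,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the malformed value matches every row in the table.
    print("concatenated:", lookup_concatenated(db, MALFORMED_JOB_ID))
    # Binding alone: the whole string is treated as one (non-existent) ID.
    print("bound only:  ", lookup_bound(db, MALFORMED_JOB_ID, validate=False))
    # Binding plus validation: the request is rejected outright.
    try:
        lookup_bound(db, MALFORMED_JOB_ID)
    except ValueError as exc:
        print("validated:   ", exc)
```

Until an instance is on build 139 or later, the same contrast is a useful review check for any other code path that places request parameters into SQL text.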