August 28, 2024 at 12:51PM
Fortra has patched a critical security flaw in FileCatalyst Workflow (CVE-2024-6633) that could give remote attackers administrative access through the product's bundled HSQL database. Tenable discovered the flaws, one of which allows SQL injection (CVE-2024-6632). Responsible disclosure led to a patch in version 5.1.7 that fixes both vulnerabilities.
Key takeaways:
1. Fortra has addressed a critical security flaw (CVE-2024-6633) in FileCatalyst Workflow that could allow a remote attacker to gain administrative access. The vulnerability stems from the use of a static password to connect to an HSQL database that is remotely accessible on TCP port 4406 by default, so anyone able to reach that port can authenticate to the database. This could compromise the confidentiality, integrity, or availability of the software.
2. Tenable, the cybersecurity company, discovered and reported the flaw, and Fortra has released a fix in FileCatalyst Workflow 5.1.7; users should upgrade to that version or later. The patch also addresses a high-severity SQL injection flaw (CVE-2024-6632) in the setup process that allows unauthorized modifications to the database.
3. Users are advised to configure FileCatalyst Workflow to use an alternative database, since HSQLDB is bundled only for installation purposes and is not intended for production use.
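The exposure described in points 1 and 3 (a bundled HSQLDB listener on TCP 4406 that is reachable from the network by default) is something an administrator can audit on the host itself. The following is an added example, not code from Fortra or Tenable: it parses `ss -ltn` output on a Linux host and flags any listener on the advisory's default port that is bound to a wildcard or non-loopback address. The `ss` output embedded below is constructed for the example; the port number is the one named in the advisory, and the script makes no assumptions about FileCatalyst's own configuration files.

```python
"""Flag an HSQLDB listener exposed beyond loopback (added example, not vendor code).

CVE-2024-6633 stems from a static password on FileCatalyst Workflow's bundled
HSQLDB, which listens on TCP 4406 and is remotely reachable by default. A
listener on that port bound to 0.0.0.0, *, or a routable address means the
static credential is reachable from the network; a loopback-only binding, or
no listener at all after moving to another database, is the expected state.
"""
import ipaddress
import subprocess
from typing import List

HSQLDB_PORT = 4406  # default HSQLDB port named in the advisory

# Constructed sample of `ss -ltn` output: a header plus four listeners.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       50           127.0.0.1:5432         0.0.0.0:*
LISTEN  0       50                   *:4406               *:*
LISTEN  0       50               [::1]:8080            [::]:*
"""

WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}


def is_exposed(addr: str) -> bool:
    """True if a bind address accepts connections from other hosts."""
    if addr in WILDCARDS:
        return True
    bare = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and scope id
    try:
        return not ipaddress.ip_address(bare).is_loopback
    except ValueError:
        # Unparseable address: treat as exposed so it gets reviewed.
        return True


def find_exposed_listeners(ss_output: str, port: int = HSQLDB_PORT) -> List[str]:
    """Return the local address:port of every exposed listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        # `ss -ltn` rows: State Recv-Q Send-Q Local Peer [Process]
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        local = cols[3]
        addr, _, port_str = local.rpartition(":")
        if not port_str.isdigit() or int(port_str) != port:
            continue
        if is_exposed(addr):
            findings.append(local)
    return findings


def audit_live_host(port: int = HSQLDB_PORT) -> List[str]:
    """Run `ss -ltn` on this host (Linux) and audit the real socket table."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return find_exposed_listeners(out, port)


if __name__ == "__main__":
    # Demonstrate on the constructed sample; swap in audit_live_host() on a real host.
    for hit in find_exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"HSQLDB listener reachable beyond loopback: {hit}")
```

On the sample, only `*:4406` is reported; the PostgreSQL-style listener on `127.0.0.1:5432` and the bracketed `[::1]:8080` are treated as loopback-only. A hit on a production host indicates that the fix should be applied (upgrade to 5.1.7 or later, move off HSQLDB, and restrict the port at the host or network firewall until then).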