Patch for High-Risk FileCatalyst Workflow Security Vulnerability Issued by Fortra

Fortra has resolved a critical security flaw that affected FileCatalyst Workflow and could have been used by a remote attacker to gain administrative access.

A serious security vulnerability affecting FileCatalyst Workflow that may be exploited by a remote attacker to obtain administrative access has been fixed by Fortra. With a CVSS score of 9.8, the vulnerability—tracked as CVE-2024-6633—is caused by connecting to an HSQL database using a static password. “The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledge base article,” Fortra stated in a press release. “Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.”

According to vendor guidelines, the HSQLDB has been deprecated and is offered solely to make installation easier; it is not meant for use in production. But customers who have not set up FileCatalyst Workflow to use a different database, as the vendor advises, are open to attack from any source that can connect to the HSQLDB. Tenable, a cybersecurity company, has been credited with finding and disclosing the vulnerability. According to Tenable, the HSQLDB is by default remotely accessible on TCP port 4406, which means that an attacker can connect to the database from another host and carry out harmful actions by using the static password.

Fortra has provided a patch to resolve the security hole in FileCatalyst Workflow 5.1.7 or later, following responsible disclosure on July 2, 2024. “For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable explained. A high-severity SQL injection vulnerability (CVE-2024-6632, CVSS score: 7.2) that exploits a form submission step during setup to make unauthorized database updates is also fixed in version 5.1.7.

The user is asked to submit a form with company information during the FileCatalyst Workflow setup process, according to researcher Robin Wyss of Dynatrace. The user input is not properly validated, even when the given data is used in a database statement. The attacker can therefore change the query. This makes it possible for unauthorized users to alter the database.
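As an added illustration of the setup-form flaw described above (example code written for this page, not Fortra's or FileCatalyst's code), the following uses Python's sqlite3 as a stand-in for HSQLDB; the `company` table, the handler names and the sample company name are all constructed here.

```python
import sqlite3

# Constructed stand-in for the setup step's company table (assumption: sqlite3
# replaces HSQLDB, and the column names are invented for this example).
SCHEMA = "CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT NOT NULL, city TEXT)"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def save_company_unsafe(conn, name, city):
    # The pattern the advisory describes: form fields are concatenated straight
    # into the SQL text, so whatever the user typed is parsed as SQL grammar.
    sql = f"INSERT INTO company (name, city) VALUES ('{name}', '{city}')"
    conn.execute(sql)
    conn.commit()


def save_company_safe(conn, name, city):
    # Hardened form: validate field lengths up front, then bind the values as
    # parameters so the database never treats them as part of the statement.
    if not (1 <= len(name) <= 200) or not (0 <= len(city) <= 100):
        raise ValueError("field length out of range")
    conn.execute("INSERT INTO company (name, city) VALUES (?, ?)", (name, city))
    conn.commit()


def company_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM company ORDER BY id")]


def demo(name="O'Reilly & Sons", city="Dublin"):
    """Run both handlers on a constructed company name containing an apostrophe.

    Returns (unsafe_result, safe_names): the unsafe path hands the apostrophe to
    the SQL parser and fails, showing that user data has become statement text;
    the safe path stores the name verbatim.
    """
    unsafe = new_db()
    try:
        save_company_unsafe(unsafe, name, city)
        unsafe_result = "stored"
    except sqlite3.Error as exc:
        unsafe_result = f"sql error: {exc}"
    safe = new_db()
    save_company_safe(safe, name, city)
    return unsafe_result, company_names(safe)
```

A syntax error on ordinary input with a quote character is the cheapest sign, during code review or testing, that a form field is being spliced into SQL rather than bound.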
