Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveFortraCVE-2024-5275
HistoryJun 18, 2024 - 3:15 p.m.

CVE-2024-5275

2024-06-1815:15:52
CWE-259
Fortra
web.nvd.nist.gov
24
filecatalyst transferagent
hard-coded password
keystore
private key
vulnerability
mitm attack
filecatalyst direct
filecatalyst workflow

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions ofย FileCatalyst Workflow from 5.1.6 Build 130 and earlier.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "TransferAgent"
    ],
    "product": "FileCatalyst Direct",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThanOrEqual": "3.8.10.138",
        "status": "affected",
        "version": "3.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "FileCatalyst Workflow",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThanOrEqual": "5.1.6.130",
        "status": "affected",
        "version": "4.9.8",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
vulnrichment 1
cvelist
cvelist
CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
2024-06-18 14:11:37
nvd
nvd
CVE-2024-5275
2024-06-18 15:15:52
vulnrichment
vulnrichment
CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
2024-06-18 14:11:37

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for CVE-2024-5275
cvelist1nvd1vulnrichment1