FortraCVELIST:CVE-2024-5275CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions ofย FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"TransferAgent"
],
"product": "FileCatalyst Direct",
"vendor": "Fortra",
"versions": [
{
"lessThanOrEqual": "3.8.10.138",
"status": "affected",
"version": "3.7",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FileCatalyst Workflow",
"vendor": "Fortra",
"versions": [
{
"lessThanOrEqual": "5.1.6.130",
"status": "affected",
"version": "4.9.8",
"versionType": "custom"
}
]
}
]
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%