Lucene search

FortraCVELIST:CVE-2024-6633

HistoryAug 27, 2024 - 2:11 p.m.

CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)

2024-08-2714:11:24

CWE-200

Fortra

www.cve.org

cve-2024-6633

insecure default

filecatalyst workflow

hsql database

default credentials

vendor knowledgebase

confidentiality

integrity

availability

deprecated

production use

alternative database

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.

The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "FileCatalyst Workflow",
    "vendor": "Fortra",
    "versions": [
      {
        "lessThanOrEqual": "5.1.6 Build 139",
        "status": "affected",
        "version": "5.0.4",
        "versionType": "semver"
      }
    ]
  }
]

References

www.fortra.com/security/advisories/product-security/fi-2024-011

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2024-6633