Lucene search

Df4dee71-de3a-4139-9588-11b62fe6c0ffNVD:CVE-2024-5276

HistoryJun 25, 2024 - 8:15 p.m.

CVE-2024-5276

2024-06-2520:15:14

CWE-20

CWE-89

df4dee71-de3a-4139-9588-11b62fe6c0ff

web.nvd.nist.gov

sql injection

filecatalyst workflow

unauthorized access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

References

support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0

www.fortra.com/security/advisory/fi-2024-008

www.tenable.com/security/research/tra-2024-25

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2024-5276