Lucene search

Df4dee71-de3a-4139-9588-11b62fe6c0ffNVD:CVE-2024-6633

HistoryAug 27, 2024 - 3:15 p.m.

CVE-2024-6633

2024-08-2715:15:17

CWE-200

CWE-798

df4dee71-de3a-4139-9588-11b62fe6c0ff

web.nvd.nist.gov

filecatalyst workflow

default credentials

hsqldb

security compromise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.

The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

Affected configurations

Nvd

Node

fortrafilecatalyst_workflowRange5.0.4–5.1.7

VendorProductVersionCPE
fortrafilecatalyst_workflow*cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortra	filecatalyst_workflow	*	cpe:2.3:a:fortra:filecatalyst_workflow::::::::

References

www.fortra.com/security/advisories/product-security/fi-2024-011

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.6%

JSON

Related for NVD:CVE-2024-6633