CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH

AI Score: 7.5 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.9%)

Added: 04/08/2024
FileCatalyst Workflow is a managed file transfer product.
The **ftpservlet** component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads to remote command execution if a JSP file is uploaded to the document root.
Upgrade to FileCatalyst 5.1.6 Build 114 or higher.
<https://www.fortra.com/security/advisory/fi-2024-002>
<https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst/>
If this exploit succeeds, the web shell must be removed manually.