87 matches found
CVE-2024-5276
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
Fortra FileCatalyst Workflow Directory Traversal (CVE-2024-25153) (Version Check)
The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 114. It is, therefore, affected by a Directory Traversal vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Fortra FileCatalyst Direct Directory Traversal (CVE-2024-25154) (Version Check)
The version of Fortra FileCatalyst Direct running on the remote host is prior to 3.8.9. It is, therefore, affected by a number of vulnerabilities - Improper URL validation allows path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to retu...
Fortra FileCatalyst Workflow SQL Injection
require 'digest/md5' class MetasploitModule 'Fortra FileCatalyst Workflow SQL Injection CVE-2024-5276', 'Description' = %q This module exploits a SQL injection vulnerability in Fortra FileCatalyst Workflow 'Tenable', Discovery and PoC 'Michael Heinzl' MSF Module , 'References' = 'CVE', '2024-5276...
Fortra FileCatalyst Workflow HSQLDB Static Password (CVE-2024-6633)
Binary data fortrafilecatalystworkflowcve-2024-6633.nbin...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL databas...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632
CVE-2024-6632 is a SQL injection vulnerability in FileCatalyst Workflow (versions 5.1.6 and earlier) exploitable via a field accessible to the super admin, leading to potential loss of confidentiality, integrity, and availability. Root cause: insufficient input validation in a form submission dur...
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-6633
CVE-2024-6633 affects FileCatalyst Workflow prior to 5.1.7 where the setup HSQLDB uses default credentials. The issue stems from a publicly published default password that enables remote access to the HSQLDB (default TCP port 4406), potentially allowing an attacker to gain admin privileges and ac...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
FileCatalyst Workflow Trust Management Issue Vulnerability
FileCatalyst Workflow is a browser-based large file transfer solution from FileCatalyst, Inc. A security vulnerability exists in FileCatalyst Workflow that stems from default credentials having been published in a vendor knowledge base article...
PT-2024-37762 · Filecatalyst · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions up to 5.1.6 Build 139 Description: The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to ...
PT-2024-37761 · Unknown · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions 5.1.6 and earlier Description: A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack, which can lead to a loss of...