Critical Vulnerability in Fortra FileCatalyst Workflow
Summary
The security update addresses a critical SQL injection vulnerability that could allow an attacker to modify data and create administrative users
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Fortra has released a security update addressing a critical vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.
CVE-2024-5276 is an SQL Injection vulnerability with a CVSSv3 score of 9.8 (critical), which if exploited could allow an unauthenticated attacker to modify or delete data in the application database, and create administrative users.
Public proof-of-concept exploit available for CVE-2024-5276
A proof-of-concept exploit for CVE-2024-5276 has been made publicly available by security researchers, which increases the likelihood of exploitation.
Remediation advice
Affected organisations are encouraged to review Fortra Security Advisory FI-2024-008 and update to version 5.1.6 Build 139 (or later).
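As an added example (not part of the advisory), a small Python check that parses FileCatalyst Workflow version strings in the form quoted above and flags hosts running anything below 5.1.6 Build 139. It assumes every earlier build is affected, which the page does not state, and the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, Tuple

# Fixed version as quoted on this page from Fortra advisory FI-2024-008.
FIXED_VERSION = "5.1.6 Build 139"

# Accepts "5.1.6 Build 139" as well as a bare "5.0.9" (no build number).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:Build\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '5.1.6 Build 139' into (5, 1, 6, 139).

    A missing build number counts as 0, so a bare '5.1.6' compares below the
    fixed build and is reported as needing an update (conservative choice).
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FileCatalyst Workflow version string: {text!r}")
    major, minor, patch, build = m.groups()
    return int(major), int(minor), int(patch), int(build or 0)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is the fixed build or later.

    Assumption (not stated on the page): every earlier version is treated as affected.
    """
    return parse_version(installed) >= parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patched' / 'update required' / 'unknown version'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patched" if is_patched(version) else "update required"
        except ValueError:
            result[host] = "unknown version"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "wf-prod-01": "5.1.6 Build 139",
        "wf-prod-02": "5.1.5 Build 207",
        "wf-test-01": "5.1.6 Build 140",
        "wf-legacy-01": "5.0.9",
        "wf-unknown": "n/a",
    }
    for host, status in triage(sample).items():
        print(f"{host:14} {status}")
```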
Definitive source of threat updates
Last edited: 27 June 2024 2:30 pm