Fortra has recently released version 5.1.7 of its FileCatalyst Workflow software to address critical security vulnerabilities, including CVE-2024-6632 and CVE-2024-6633 [4].
Description
CVE-2024-6632 [1] [2] [3] [4] [5], with a CVSSv3 score of 7.2 [2], allows unauthorized modifications to the database during setup [1] [3] [5], potentially compromising data integrity [4]. This flaw, a high-severity SQL injection vulnerability, was discovered by Tenable. Separately, CVE-2024-6633 [1] [2] [3] [4] [5], with a CVSSv3 score of 9.8 [2] [5], lets remote attackers gain administrative access through a static password for the HSQL database [1] [3], which could lead to data breaches and unauthorized access. Robin Wyss from Dynatrace highlighted the lack of proper input validation [3] that allows attackers to modify queries and make unauthorized changes [3]. Users are strongly advised to update to version 5.1.7 to mitigate these risks and ensure robust system security [4].
Conclusion
It is crucial for users to take immediate action and update to version 5.1.7 to protect their systems from potential security breaches. By addressing these vulnerabilities, users can safeguard their data integrity and prevent unauthorized access to their systems. Moving forward, it is essential for software developers to prioritize security measures and conduct regular security audits to prevent similar vulnerabilities in the future.
References
[1] https://thehackernews.com/2024/08/fortra-issues-patch-for-high-risk.html
[2] https://digital.nhs.uk/cyber-alerts/2024/cc-4540
[3] https://patabook.com/technology/2024/08/28/fortra-issues-patch-for-high-risk-filecatalyst-workflow-security-vulnerability/
[4] https://cybermaterial.com/critical-sql-injection-flaws-in-filecatalyst/
[5] https://www.ihash.eu/2024/08/fortra-issues-patch-for-high-risk-filecatalyst-workflow-security-vulnerability/