Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633. If exploited, these vulnerabilities could severely compromise the confidentiality, integrity, and availability of affected systems.
FileCatalyst Workflow, a prominent solution for transferring large files across networks, was found to have significant security flaws. The vulnerabilities were disclosed on August 27, 2024, following an investigation by cybersecurity firms Dynatrace and Tenable.
The flaws affect versions up to 5.1.6 Build 139 and could allow unauthorized database modifications and information disclosure.
CVE-2024-6632: This vulnerability allows attackers to perform SQL injection attacks via a field accessible to super administrators. Such attacks can lead to unauthorized modifications of the database, posing a risk to data integrity and system availability.
The vulnerability was discovered during a routine security assessment by Dynatrace, which identified that user input was not adequately validated during the setup process, allowing for potential exploitation.
CVE-2024-6633: This issue stems from the default credentials of the HSQL database that is set up during installation. Although that database is not intended for production use, deployments that have not switched to an alternative database remain exposed. This flaw could lead to unauthorized access and data breaches.
Fortra has addressed these vulnerabilities in FileCatalyst Workflow version 5.1.7. Users are strongly advised to update their systems immediately to mitigate potential risks.
The company has emphasized the importance of following recommended configurations, particularly regarding database setup, to prevent unauthorized access.
Organizations using FileCatalyst Workflow should review their security protocols and ensure that all systems are updated to the latest version to protect against potential exploits.