{"id":76335,"date":"2024-08-28T03:20:12","date_gmt":"2024-08-28T03:20:12","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=76335"},"modified":"2024-08-28T03:20:13","modified_gmt":"2024-08-28T03:20:13","slug":"sql-injection-fortra-filecatalyst","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/","title":{"rendered":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow"},"content":{"rendered":"\n<p>Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633. If exploited, these <a href=\"https:\/\/cybersecuritynews.com\/top-10-vulnerabilities-that-were-exploited-the-most-in-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">vulnerabilities<\/a> could severely compromise the confidentiality, integrity, and availability of affected systems.<\/p>\n\n\n\n<p>FileCatalyst Workflow, a prominent solution for transferring large files across networks, was found to have significant security flaws. 
The vulnerabilities were disclosed on August 27, 2024, following an investigation by cybersecurity firms Dynatrace and Tenable.<\/p>\n\n\n\n<p>The flaws affect versions up to 5.1.6 Build 139, with the potential for unauthorized database modifications and information disclosure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-details-of-the-vulnerabilities\">Details of the Vulnerabilities<\/h3>\n\n\n\n<p><strong><a href=\"https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2024-010\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-6632<\/a><\/strong>: This vulnerability allows attackers to perform SQL injection attacks via a field accessible to super administrators. 
Such attacks can lead to unauthorized modifications of the database, posing a risk to data integrity and system availability.<\/p>\n\n\n\n<p>The vulnerability was discovered during a routine security assessment by Dynatrace, which identified that user input was not adequately validated during the setup process, allowing for potential exploitation.<\/p>\n\n\n\n<p><strong><a href=\"https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2024-011\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-6633<\/a><\/strong>: This issue involves the misuse of default credentials for the HSQL database used during installation. Although not intended for production use, systems that have not switched to an alternative database remain vulnerable. This flaw could lead to unauthorized access and data breaches.<\/p>\n\n\n\n<p>Fortra has addressed these vulnerabilities in FileCatalyst Workflow version 5.1.7. Users are strongly advised to update their systems immediately to mitigate potential risks.<\/p>\n\n\n\n<p>The company has emphasized the importance of following recommended configurations, particularly regarding database setup, to prevent unauthorized access.<\/p>\n\n\n\n<p>Organizations using FileCatalyst Workflow should review their security protocols and ensure that all systems are updated to the latest version to protect against potential exploits.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633. If exploited, these vulnerabilities could severely compromise the confidentiality, integrity, and availability of affected systems. FileCatalyst Workflow, a prominent solution for transferring large files across networks, was found to have significant security flaws. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":76337,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp","fifu_image_alt":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,53],"tags":[149,416],"class_list":{"0":"post-76335","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-vulnerability","9":"tag-cyber-security","10":"tag-vulnerability"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical SQL Injection Vulnerabilities Discovered in Fortra FileCatalyst 
Workflow<\/title>\n<meta name=\"description\" content=\"Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow\" \/>\n<meta property=\"og:description\" content=\"Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/guruba008\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-28T03:20:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-28T03:20:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp\" \/>\n<meta name=\"author\" content=\"Guru Baran\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" 
content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@guruba008\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guru Baran\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Critical SQL Injection Vulnerabilities Discovered in Fortra FileCatalyst Workflow","description":"Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/","og_locale":"en_US","og_type":"article","og_title":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow","og_description":"Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633.","og_url":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/","og_site_name":"Cyber Security 
News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_author":"https:\/\/www.facebook.com\/guruba008","article_published_time":"2024-08-28T03:20:12+00:00","article_modified_time":"2024-08-28T03:20:13+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp","type":"","width":"","height":""}],"author":"Guru Baran","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp","twitter_creator":"@guruba008","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Guru Baran","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/"},"author":{"name":"Guru Baran","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026"},"headline":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow","datePublished":"2024-08-28T03:20:12+00:00","dateModified":"2024-08-28T03:20:13+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/"},"wordCount":276,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","vulnerability"],"articleSection":["Cyber Security News","Vulnerability"],"inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/","url":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/","name":"Critical SQL Injection Vulnerabilities Discovered in Fortra FileCatalyst 
Workflow","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#primaryimage"},"thumbnailUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2024-08-28T03:20:12+00:00","dateModified":"2024-08-28T03:20:13+00:00","description":"Fortra has urgently released patches to address two critical SQL injection vulnerabilities in its FileCatalyst Workflow software, identified as CVE-2024-6632 and CVE-2024-6633.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#primaryimage","url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulner
ability.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/sql-injection-fortra-filecatalyst\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Critical SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/f7f138f8fd41a61bb60151da47730026","name":"Guru 
Baran","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72f86da0bb72b6886d25f0ef0c881daba3a98356bc44f916f8d3a62c9e856579?s=96&d=mm&r=g","caption":"Guru Baran"},"description":"Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics.","sameAs":["https:\/\/cybersecuritynews.com","https:\/\/www.facebook.com\/guruba008","https:\/\/www.linkedin.com\/in\/gurubaran-cyberwrites\/","https:\/\/x.com\/guruba008"],"url":"https:\/\/cybersecuritynews.com\/author\/guru\/"}]}},"jetpack_featured_media_url":"https:\/\/i1.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgtTou6_f-QtgQ5IAmVbPyRQFS7Uely3JQY7gUL657cKgVGE7huk47DK9SqJDyvl9q1WXUdzhbX15D5DxITyzuyFiotoDXDxVspUZeq9r98zHCYmkttDb0MgMej2_ixhJqn3Z9gMBnmpWFGFUI0l3LuJ5CJmEJpJ6Urnc4yMQWN0y3S05T_y6UDpik2n0R6\/s16000\/Fortra%20SQL%20Injection%20Vulnerability.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/76335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=76335"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/76335\/revisions"}],"predecessor-version":[{"id":76336,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/76335\/revisions\/76336"}],"wp:featuredmedia":
[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/76337"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=76335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=76335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=76335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}