SQL Injection Vulnerability in FileCatalyst Workflow

CVE-2024-6632

7.2HIGH

Key Information

Vendor
Fortra
Status
Filecatalyst Workflow
Vendor
CVE Published:
27 August 2024

Summary

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

Affected Version(s)

FileCatalyst Workflow <= 5.1.6 Build 139

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Dynatrace Security Research
.