Vulnerability in HSQLDB Could Lead to Compromise of Confidentiality, Integrity, or Availability of FileCatalyst Workflow
Key Information
- Vendor: Fortra
- Product: FileCatalyst Workflow
- CVE Published: 27 August 2024
Summary
CVE-2024-6633 is a critical flaw in Fortra's FileCatalyst Workflow, rated 9.8 under CVSS v3.1. It allows attackers to gain unauthorized access to the internal HSQL database, potentially leading to data theft and the creation of admin-level users. Tenable discovered the flaw, finding that the static password "GOSENSGO613" was used on all FileCatalyst Workflow deployments. The database is remotely accessible, and the vulnerability can only be fixed by upgrading to version 5.1.7 or later. Fortra has released a security bulletin advising users to upgrade their instances to mitigate the risk of exploitation. Because affected systems are exposed to unauthorized access and malicious operations, organizations should apply the available security updates as soon as possible.
Affected Version(s)
FileCatalyst Workflow <= 5.1.6 Build 139
News Articles
Fortra fixes critical FileCatalyst Workflow hardcoded password issue
Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges.
2 months ago
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) - Help Net Security
Orgs using Fortra's FileCatalyst Workflow are urged to upgrade to prevent attackers accessing an internal database via CVE-2024-6633.
2 months ago
Timeline
First article discovered by Help Net Security
Vulnerability published.
Vulnerability Reserved.