Security News > 2024 > August > Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
2024-08-28 08:46

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable researchers discovered. Two flaws fixed Fortra FileCatalyst Workflow is … More → The post Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/08/28/cve-2024-6633/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-6633 Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article.
network
low complexity
fortra CWE-798
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortra 6 0 6 2 4 12