Security News > 2024 > August > Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
2024-08-28 08:46
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable researchers discovered. Two flaws fixed Fortra FileCatalyst Workflow is … More → The post Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/28/cve-2024-6633/
Related news
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) (source)
- Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) (source)
- Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (source)
- Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) (source)
- Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) (source)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110) (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6633 | The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |