Security News > 2024 > August > Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
2024-08-28 08:46
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable researchers discovered. Two flaws fixed Fortra FileCatalyst Workflow is … More → The post Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/28/cve-2024-6633/
Related news
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |