Vulnerabilities > CVE-2024-25153 - Exposure of Resource to Wrong Sphere vulnerability in Fortra Filecatalyst Workflow

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fortra

CWE-668

critical

NVD

Published: 2024-03-13

Updated: 2025-01-21

Summary

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

Vulnerable Configurations

Part	Description	Count
Application	Fortra Fortra Filecatalyst Workflow 5.1.6 Fortra Filecatalyst Workflow 5.0 Fortra Filecatalyst Workflow 5.0.1 Fortra Filecatalyst Workflow 5.0.2 Fortra Filecatalyst Workflow 5.0.3 Fortra Filecatalyst Workflow 5.0.4 Fortra Filecatalyst Workflow 5.0.5 Fortra Filecatalyst Workflow 5.1 Fortra Filecatalyst Workflow 5.1.1 Fortra Filecatalyst Workflow 5.1.2 Fortra Filecatalyst Workflow 5.1.3 Fortra Filecatalyst Workflow 5.1.4 Fortra Filecatalyst Workflow 5.1.5	13

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Vulnerabilities > CVE-2024-25153 - Exposure of Resource to Wrong Sphere vulnerability in Fortra Filecatalyst Workflow

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References