Vulnerabilities > Fortra > Filecatalyst Workflow
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6632 | SQL Injection vulnerability in Fortra Filecatalyst Workflow A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | 7.2 |
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |
| 2024-06-25 | CVE-2024-5276 | SQL Injection vulnerability in Fortra Filecatalyst Workflow A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. | 9.1 |
| 2024-03-13 | CVE-2024-25153 | Exposure of Resource to Wrong Sphere vulnerability in Fortra Filecatalyst Workflow A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. | 9.8 |