| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-08-27 | CVE-2024-6632 | SQL Injection vulnerability in Fortra FileCatalyst Workflow | A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | network | low complexity | fortra | CWE-89 | | 7.2 |
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra FileCatalyst Workflow | The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | network | low complexity | fortra | CWE-798 | critical | 9.8 |
| 2024-06-25 | CVE-2024-5276 | SQL Injection vulnerability in Fortra FileCatalyst Workflow | A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. | network | low complexity | fortra | CWE-89 | critical | 9.1 |
| 2024-03-13 | CVE-2024-25153 | Exposure of Resource to Wrong Sphere vulnerability in Fortra FileCatalyst Workflow | A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. | network | low complexity | fortra | CWE-668 | critical | 9.8 |