Vulnerabilities > Fortra > Filecatalyst Workflow
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6632 | SQL Injection vulnerability in Fortra Filecatalyst Workflow A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | 7.2 |
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |
| 2024-03-13 | CVE-2024-25153 | Exposure of Resource to Wrong Sphere vulnerability in Fortra Filecatalyst Workflow A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. | 9.8 |