Vulnerabilities > Fortra > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |
| 2024-03-13 | CVE-2024-25153 | Exposure of Resource to Wrong Sphere vulnerability in Fortra Filecatalyst Workflow A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. | 9.8 |
| 2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 9.8 |
| 2023-09-19 | CVE-2021-26837 | SQL Injection vulnerability in Fortra Delivernow SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | 9.8 |