Vulnerabilities

CVE-2024-5276 SQL injection vulnerability in FileCatalyst Workflow; CVE-2024-5275 Hard coded password in FileCatalyst TransferAgent

Written by Critical Insight | Jul 10, 2024 10:29:38 PM

This advisory is for organizations that use Fortra FileCatalyst Workflow and Transfer Agent to accommodate file transfers.  If your organization does not use this product, this notification may be discarded. 

 

Summary

Fortra FileCatalyst is a file transfer acceleration solution that can send files quickly and securely across global networks. It's part of Fortra's Secure File Transfer Suite and is designed to be resistant to packet loss and latency.

 

On June 24, 2024 Fortra noted A SQL injection vulnerability exists, whereby an attacker can utilize a script to implement the injection and execute an undesired SQL command, including table deletion or creating an admin-level user. An admin-level user has privileges that may affect other FileCatalyst components within your deployment.

 

Fortra also noted a hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent.

 

CVE-2024-5276: CVSSv3.1: 9.8

               SQL injection vulnerability in FileCatalyst Workflow

CVE-2024-5275: CVSSv3.1: 7.8

                Hard coded password in FileCatalyst Transfer Agent and Workflow

 

Affected Platforms

FileCatalyst Workflow v 5.1.6 build 135 and earlier

FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)

 

Mitigations

 

Additional Resources

https://filecatalyst.software/workflow.html

https://www.fortra.com/security/advisory/fi-2024-008

https://www.fortra.com/security/advisory/fi-2024-007

https://nvd.nist.gov/vuln/detail/CVE-2024-5276

https://nvd.nist.gov/vuln/detail/CVE-2024-5275