This advisory is for organizations that use Fortra FileCatalyst Workflow and Transfer Agent to accommodate file transfers. If your organization does not use this product, this notification may be discarded.
Summary
Fortra FileCatalyst is a file transfer acceleration solution that can send files quickly and securely across global networks. It's part of Fortra's Secure File Transfer Suite and is designed to be resistant to packet loss and latency.
On June 24, 2024 Fortra noted A SQL injection vulnerability exists, whereby an attacker can utilize a script to implement the injection and execute an undesired SQL command, including table deletion or creating an admin-level user. An admin-level user has privileges that may affect other FileCatalyst components within your deployment.
Fortra also noted a hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent.
CVE-2024-5276: CVSSv3.1: 9.8
SQL injection vulnerability in FileCatalyst Workflow
CVE-2024-5275: CVSSv3.1: 7.8
Hard coded password in FileCatalyst Transfer Agent and Workflow
Affected Platforms
FileCatalyst Workflow v 5.1.6 build 135 and earlier
FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
Mitigations
Additional Resources
https://filecatalyst.software/workflow.html
https://www.fortra.com/security/advisory/fi-2024-008
https://www.fortra.com/security/advisory/fi-2024-007
https://nvd.nist.gov/vuln/detail/CVE-2024-5276
https://nvd.nist.gov/vuln/detail/CVE-2024-5275