Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

28-August-24

Fortra has patched two critical vulnerabilities in FileCatalyst Workflow with the release of version 5.1.7. The first, CVE-2024-6633, is a flaw in which the default credentials for the internal HSQL database are publicly exposed, allowing attackers to gain admin access to the Workflow web application. The second, CVE-2024-6632, is a SQL injection vulnerability that could enable unauthorized database modifications during setup. Both vulnerabilities affect FileCatalyst Workflow 5.1.6 Build 139 and earlier, and upgrading to v5.1.7 is the only way to secure affected installations.








