Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Fortra this week announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts.

Tracked as CVE-2024-5276 (CVSS score of 9.8) and affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier, the issue could also be exploited to modify application data, Fortra noted in an advisory.

“Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required,” the company explained.

According to cybersecurity company Tenable, which identified the security defect, CVE-2024-5276 exists because a user-supplied jobID is used when forming the ‘Where’ clause in an SQL query.

“An anonymous remote attacker can perform SQLi via the jobID parameter in various URL endpoints of the workflow web application,” Tenable said.
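The pattern Tenable describes, an untrusted jobID spliced into a WHERE clause, next to its parameterized fix and a log-side check, as an added example written for this article; it is not Fortra's or Tenable's code, and the `jobs` table, the integer jobID format and the sample rows are constructed assumptions, not FileCatalyst's real schema.

```python
import re
import sqlite3


def build_db():
    # Constructed in-memory stand-in for a workflow job table (assumption, not the real schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (jobID INTEGER PRIMARY KEY, owner TEXT, filename TEXT)")
    conn.executemany(
        "INSERT INTO jobs VALUES (?, ?, ?)",
        [(1, "alice", "report.pdf"), (2, "bob", "video.mov"), (3, "carol", "backup.tar")],
    )
    return conn


def vulnerable_lookup(conn, job_id: str):
    # The flawed pattern from the advisory: the request value becomes part of the SQL text,
    # so anything the caller appends is parsed as SQL, not as a job identifier.
    sql = "SELECT jobID, owner, filename FROM jobs WHERE jobID = " + job_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, job_id: str):
    # Hardened form: reject anything that is not a plain integer, then bind it as a
    # parameter so the database engine only ever sees it as a value in the WHERE clause.
    if not re.fullmatch(r"\d{1,18}", job_id):
        raise ValueError(f"rejected jobID: {job_id!r}")
    return conn.execute(
        "SELECT jobID, owner, filename FROM jobs WHERE jobID = ?", (int(job_id),)
    ).fetchall()


def looks_like_sqli(job_id: str) -> bool:
    # Detection heuristic for access logs or a WAF rule: a legitimate jobID never carries
    # SQL quoting, comment markers or keywords, so their presence is worth alerting on.
    pattern = r"['\";]|--|/\*|\b(or|and|union|select|insert|update|delete|drop)\b"
    return re.search(pattern, job_id, re.IGNORECASE) is not None
```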

The cybersecurity firm also published proof-of-concept (PoC) code that triggers the SQL injection, creates a new administrative account with the password set to ‘password123’, and allows a remote attacker to log in to the newly created account.

An enterprise software solution for transferring large files across global networks, FileCatalyst relies on the UDP protocol for fast transfers and integrates with popular cloud storage services. FileCatalyst Workflow is the solution’s web portal component, enabling users to share, track, and modify files.

Fortra addressed the vulnerability in FileCatalyst Workflow version 5.1.6 Build 139. Users are advised to update their instances as soon as possible, as Fortra’s file transfer products have been targeted in malicious attacks before.

In January last year, hackers associated with the Cl0p ransomware operation exploited a zero-day vulnerability in the company’s GoAnywhere managed file transfer (MFT) software, stealing data belonging to dozens of organizations.
