Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

27-June-24

A critical SQL injection vulnerability, tracked as CVE-2024-5276, has been discovered in Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. The flaw carries a CVSS score of 9.8 and could allow attackers to manipulate the application’s database, potentially enabling actions such as creating administrative users or modifying or deleting data. Fortra has addressed the issue in version 5.1.6 Build 139, and users are advised to apply the patch promptly. As a temporary workaround, disabling the vulnerable servlets in the application’s “web.xml” file can reduce the risk of exploitation until the update is installed. Cybersecurity firm Tenable reported the vulnerability and has released a proof-of-concept exploit demonstrating its impact.