Fortra is warning of a crucial hardcoded password flaw in FileCatalyst Workflow that might permit attackers unauthorized entry to an inside database to steal information and acquire administrator privileges.
The hardcoded password can be utilized by anybody to remotely entry an uncovered FileCatalyst Workflow HyperSQL (HSQLDB) database, gaining unauthorized entry to doubtlessly delicate data.
Moreover, the database credentials will be abused to create new admin customers, so attackers can acquire administrative-level entry to the FileCatalyst Workflow software and take full management of the system.
In a safety bulletin printed yesterday, Fortra says that the difficulty is tracked as CVE-2024-6633 (CVSS v3.1: 9.8, “critical”) and impacts FileCatalyst Workflow 5.1.6 Construct 139 and older releases. Customers are really helpful to improve to model 5.1.7 or later.
Fortra famous within the advisory that HSQLDB is included solely to facilitate the set up course of and recommends that customers arrange different options post-installation.
“The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides,” reads the bulletin.
“However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.”
There are not any mitigations or workarounds, so system directors are really helpful to use the obtainable safety updates as quickly as potential.
Flaw discovery and particulars
Tenable found CVE-2024-6633 on July 1, 2024, once they discovered the identical static password, “GOSENSGO613,” on all FileCatalyst Workflow deployments.
Tenable explains that the interior Workflow HSQLDB is remotely accessible through TCP port 4406 on the product’s default settings, so the publicity is important.
Tenable notes that finish customers can’t change this password by standard means, so upgrading to five.1.7 or later is the one answer.
The excessive degree of entry, ease of exploitation, and potential good points for cybercriminals exploiting CVE-2024-6633 make this flaw extraordinarily harmful for customers of FileCatalyst Workflow.
Fortra merchandise are completely within the crosshairs of attackers as crucial flaws in them can result in mass-scale compromises of a number of high-value company networks without delay.
