Fortra has addressed a critical security flaw in FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access.
The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8 and stems from the use of a static password to connect to an HSQL database.
“The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are revealed in a vendor knowledge base article,” Fortra said in an advisory. “Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.”
“The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.”
Cybersecurity firm Tenable, which has been credited with discovering and reporting the flaw, said the HSQLDB is remotely accessible on TCP port 4406 by default, allowing a remote attacker who can reach that port to connect to the database with the static password and carry out malicious operations.
Following responsible disclosure on July 2, 2024, Fortra released a fix in FileCatalyst Workflow 5.1.7; that version and later are patched, while earlier installs that still rely on the bundled HSQLDB remain exposed.
“For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable said.
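The practical question for defenders is whether the setup HSQLDB listener is reachable at all, since the quoted advisory says any source that can reach it can use the leaked credentials. The following reachability scan is an added example (not code from Tenable or Fortra): it reports which hosts accept a TCP connection on port 4406. It does not speak the HSQLDB protocol or use any credentials, and the loopback stand-in listener and the sample host names are constructed for the example. A host that shows up here needs the port firewalled to the application host only, or the installation migrated off HSQLDB as Fortra recommends.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Default listener of the FileCatalyst Workflow setup HSQLDB, per Tenable.
HSQLDB_PORT = 4406


def port_reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, unreachable and filtered (timed out) all count as not exposed
        # from this vantage point; a filtered port may still be open elsewhere.
        return False


def find_exposed(hosts, port=HSQLDB_PORT, timeout=2.0, workers=32):
    """Return the hosts (in input order) whose HSQLDB port accepts connections."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda h: port_reachable(h, port, timeout), hosts))
    return [h for h, up in zip(hosts, flags) if up]


class LocalListener:
    """Constructed stand-in for an exposed HSQLDB: a bare TCP acceptor on
    loopback, present only so the scan has something to find offline."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))   # ephemeral port, not 4406
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # lets the accept loop poll the stop flag
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)
        self._thread.start()

    def _accept_loop(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:
                return

    def close(self):
        # Stop the acceptor before closing so the port is really released.
        self._stop.set()
        self._thread.join()
        self.sock.close()


if __name__ == "__main__":
    # Real use: find_exposed(["wf-01.example.internal", "wf-02.example.internal"])
    fake = LocalListener()
    print(find_exposed(["127.0.0.1"], port=fake.port))   # ['127.0.0.1']
    fake.close()
```

Run it from a network segment that should not have database access (a user VLAN, the DMZ) rather than from the Workflow host itself; a listener bound to all interfaces looks identical from localhost whether or not a firewall sits in front of it.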
Also addressed in version 5.1.7 is a high-severity SQL injection flaw (CVE-2024-6632, CVSS score: 7.2) that abuses a form submission step during the setup process to make unauthorized modifications to the database.
“During the setup process of FileCatalyst Workflow, the user is prompted to provide company information via a form submission,” Dynatrace researcher Robin Wyss said.
“The submitted data is used in a database statement, but the user input is not going through proper input validation. As a result, the attacker can modify the query. This allows for unauthorized modifications on the database.”
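The pattern Wyss describes, shown as an added illustration rather than FileCatalyst's own code: the form value is spliced into an UPDATE, so a crafted company name rewrites a column the form never exposed, while binding the same value as a parameter stores it harmlessly. The company_info table, its columns and the payload are constructed for this example; sqlite3 stands in for the real database.

```python
import sqlite3

# Constructed schema standing in for a setup wizard's company table.
# The table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE company_info (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    license_tier TEXT NOT NULL DEFAULT 'trial'
);
INSERT INTO company_info (id, name) VALUES (1, 'unset');
"""

# Constructed payload: closes the string literal, appends a SET clause for a
# column the form never offered, then comments out the rest of the statement.
PAYLOAD = "Acme', license_tier = 'enterprise' WHERE id = 1 --"


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def save_company_vulnerable(conn, name):
    # The submitted value becomes part of the SQL text, so quotes and
    # keywords in it are parsed as syntax: the CVE-2024-6632 pattern.
    sql = f"UPDATE company_info SET name = '{name}' WHERE id = 1"
    conn.execute(sql)
    conn.commit()
    return sql


def save_company_safe(conn, name):
    # Parameter binding: the value travels separately from the statement,
    # so the quote and trailing SQL are stored as data, never executed.
    conn.execute("UPDATE company_info SET name = ? WHERE id = 1", (name,))
    conn.commit()


def company_row(conn):
    return conn.execute(
        "SELECT name, license_tier FROM company_info WHERE id = 1"
    ).fetchone()


def demo():
    """Submit the same payload through both code paths and return both rows."""
    vuln = fresh_db()
    save_company_vulnerable(vuln, PAYLOAD)
    safe = fresh_db()
    save_company_safe(safe, PAYLOAD)
    return company_row(vuln), company_row(safe)


if __name__ == "__main__":
    vulnerable_row, safe_row = demo()
    print("vulnerable:", vulnerable_row)   # ('Acme', 'enterprise')
    print("parameterized:", safe_row)      # (PAYLOAD, 'trial')
```

The vulnerable path executes `UPDATE company_info SET name = 'Acme', license_tier = 'enterprise' WHERE id = 1 --' WHERE id = 1`, a single well-formed statement, which is why input "validation" that only blocks semicolons or stacked queries would not have helped; the parameterized path is the fix, and a length or character allow-list on the company name is at best defence in depth.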