Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For example, the attacker can add an admin-level user in the DOCTERA_USERS table, allowing access to the Workflow web application as an admin user,” Tenable researchers discovered.

Two flaws fixed

Fortra FileCatalyst Workflow is …
The post Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) appeared first on Help Net Security.