
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database.

Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It affects FileCatalyst Workflow versions 5.1.6 Build 135 and earlier, and has been addressed in version 5.1.6 Build 139.

“An SQL injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data,” Fortra said in an advisory published Tuesday. “Likely impacts include creation of administrative users and deletion or modification of data in the application database.”

It also noted that successful unauthenticated exploitation requires a Workflow system with anonymous access enabled. Alternatively, the flaw can be abused by an authenticated user.

Customers who cannot apply the patches immediately can disable the vulnerable servlets – csv_servlet, pdf_servlet, xml_servlet, and json_servlet – in the “web.xml” file located in the Apache Tomcat installation directory as a temporary workaround.
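As an added example (it is not code from the article or from Fortra), the following Python script checks whether the four servlets named above are still mapped in a web.xml and produces a copy with their <servlet> and <servlet-mapping> entries removed, which is what the workaround amounts to. The sample web.xml is constructed for the demo: the page does not show the product's real file, so the servlet-class and url-pattern values are placeholders; only the servlet names come from the advisory.

```python
import xml.etree.ElementTree as ET

# Servlet names taken from the Fortra workaround guidance.
VULNERABLE_SERVLETS = {"csv_servlet", "pdf_servlet", "xml_servlet", "json_servlet"}

# Constructed sample web.xml; servlet-class and url-pattern values are placeholders,
# not the real FileCatalyst Workflow configuration.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>csv_servlet</servlet-name>
    <servlet-class>com.example.placeholder.CsvServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>json_servlet</servlet-name>
    <servlet-class>com.example.placeholder.JsonServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>login_servlet</servlet-name>
    <servlet-class>com.example.placeholder.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>csv_servlet</servlet-name>
    <url-pattern>/csv_servlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>json_servlet</servlet-name>
    <url-pattern>/json_servlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>login_servlet</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>
</web-app>
"""


def _servlet_name(elem):
    """Local-name lookup so the code works whatever namespace the web-app declares."""
    node = elem.find("{*}servlet-name")
    return node.text.strip() if node is not None and node.text else ""


def mapped_vulnerable_servlets(xml_text):
    """Return the vulnerable servlets that still have a <servlet-mapping>, i.e. are reachable."""
    root = ET.fromstring(xml_text)
    mapped = {_servlet_name(m) for m in root.findall("{*}servlet-mapping")}
    return mapped & VULNERABLE_SERVLETS


def disable_servlets(xml_text, names=VULNERABLE_SERVLETS):
    """Return a copy of web.xml with the <servlet> and <servlet-mapping> entries
    for the given servlet names removed. Other servlets are left untouched."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):
        # Keep the default namespace on output instead of an ns0: prefix.
        ET.register_namespace("", root.tag[1:root.tag.index("}")])
    for child in list(root):
        local = child.tag.split("}")[-1]
        if local in ("servlet", "servlet-mapping") and _servlet_name(child) in names:
            root.remove(child)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("still mapped before:", sorted(mapped_vulnerable_servlets(SAMPLE_WEB_XML)))
    patched = disable_servlets(SAMPLE_WEB_XML)
    print("still mapped after:", sorted(mapped_vulnerable_servlets(patched)))
    print(patched)
```

To use it on a real deployment, read the webapp's WEB-INF/web.xml, run `mapped_vulnerable_servlets` to confirm which entries are live, write the output of `disable_servlets` back after reviewing the diff, and restart Tomcat. Removing the servlets also removes whatever export function they provide, so this is a stop-gap until Build 139 is installed, not a substitute for the patch.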

Cybersecurity firm Tenable, which reported the flaw on May 22, 2024, has since released a proof-of-concept (PoC) exploit for it.

“A user-supplied jobID is used to form the WHERE clause in an SQL query,” it said. “An anonymous remote attacker can perform SQLi via the JOBID parameter in various URL endpoints of the workflow web application.”
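The bug class Tenable describes, a request parameter concatenated into a WHERE clause, and the impacts Fortra lists (modification of data, creation of administrative users) can be reproduced in miniature. The following is an added example written for this page, not code from Tenable's PoC or from FileCatalyst: the schema, the UPDATE statement and the table names are constructed stand-ins, since the page shows none of the real queries. The vulnerable function uses sqlite3's `executescript` to model a database driver that executes every statement it is handed, which is the behaviour a stacked INSERT needs; the hardened function shows the fix.

```python
import re
import sqlite3


def build_db():
    """Constructed sample schema standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL);
        CREATE TABLE jobs (jobid INTEGER PRIMARY KEY, owner TEXT NOT NULL,
                           exported INTEGER NOT NULL DEFAULT 0);
        INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user');
        INSERT INTO jobs (jobid, owner) VALUES (1, 'alice'), (2, 'bob'), (3, 'bob');
    """)
    return conn


def mark_exported_vulnerable(conn, job_id):
    """Hypothetical servlet logic: the raw JOBID request parameter is spliced
    into the WHERE clause by string concatenation."""
    sql = "UPDATE jobs SET exported = 1 WHERE jobid = '" + job_id + "'"
    # executescript() stands in for a driver that runs every statement it is
    # given (assumption for the demo); that is what lets a stacked INSERT run.
    conn.executescript(sql)


def mark_exported_hardened(conn, job_id):
    """Same operation with two controls: reject anything that is not a short
    ASCII integer, then bind the value so the driver never parses it as SQL."""
    if not re.fullmatch(r"[0-9]{1,18}", job_id):
        raise ValueError("jobID must be a positive integer")
    cur = conn.execute("UPDATE jobs SET exported = 1 WHERE jobid = ?", (int(job_id),))
    conn.commit()
    return cur.rowcount


def admins(conn):
    return sorted(r[0] for r in conn.execute(
        "SELECT username FROM users WHERE role = 'admin'"))


def exported_jobs(conn):
    return [r[0] for r in conn.execute(
        "SELECT jobid FROM jobs WHERE exported = 1 ORDER BY jobid")]


# Attacker-controlled JOBID values, constructed for the demo.
TAUTOLOGY = "' OR '1'='1"                                   # touches every row
STACKED_INSERT = "'; INSERT INTO users VALUES ('eve', 'admin'); --"  # new admin

if __name__ == "__main__":
    db = build_db()
    mark_exported_vulnerable(db, "2")
    print("legitimate request, exported jobs:", exported_jobs(db))     # [2]
    mark_exported_vulnerable(db, TAUTOLOGY)
    print("tautology, every job modified:", exported_jobs(db))         # [1, 2, 3]
    mark_exported_vulnerable(db, STACKED_INSERT)
    print("stacked statement, admins now:", admins(db))                # ['alice', 'eve']

    db = build_db()
    print("hardened, rows updated:", mark_exported_hardened(db, "2"))  # 1
    for payload in (TAUTOLOGY, STACKED_INSERT):
        try:
            mark_exported_hardened(db, payload)
        except ValueError as exc:
            print("hardened rejected", repr(payload), "->", exc)
    print("admins unchanged:", admins(db))                             # ['alice']
```

Parameter binding alone is sufficient to stop the injection: even without the integer check, a bound `'; INSERT ...` string is compared against jobid as data and matches nothing. The type check is defence in depth and gives the caller a clean error instead of a silent no-op. Note that the unauthenticated path in the advisory depends on anonymous access being enabled; the sink itself is reachable either way.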

Some parts of this article are sourced from:
thehackernews.com

Copyright © 2025 · AllTech.News, All Rights Reserved.