Fortra has swiftly remediated a critical vulnerability in FileCatalyst Workflow that a remote attacker could have exploited to gain unauthorized administrator access, compromising sensitive data and systems.
The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8 and stems from the use of a static password for connections to the HSQL database.
The default credentials for the HSQL database used within FileCatalyst Workflow, as documented by HSQLDB, have been inadvertently exposed through a vendor advisory issued by Fortra. “Misuse of these credentials may compromise the confidentiality, integrity, and availability of the software program, potentially resulting in severe consequences.”
HSQLDB appears to be included only as a setup convenience: the vendor has since deprecated it, and its guidelines state that it is not intended for production environments. Customers who do not configure FileCatalyst Workflow to use a separate database, as recommended, remain exposed to attacks from any source that can reach the default HSQLDB.
Tenable, the cybersecurity company that identified and reported the vulnerability, notes that the HSQLDB is remotely accessible via TCP port 4406 by default, so a remote attacker can connect using the static password and carry out malicious actions.
Following responsible disclosure on July 2, 2024, Fortra has released a security patch; the fix is included in FileCatalyst Workflow versions 5.1.7 and later.
For example, an attacker could add an admin-level user account to the DOCTERA_USERS table, gaining access to the Workflow web application with administrative privileges, according to Tenable.
A high-severity SQL injection vulnerability (CVE-2024-6632, CVSS score: 7.2) in version 5.1.7 abuses a form submission step during the setup process to make unauthorized modifications to the database.
During the setup process for FileCatalyst Workflow, users are required to provide company-specific information through a straightforward submission form.
“The submitted data is utilized in a database statement; however, the user input does not undergo proper input validation.” As a result, an attacker can alter the query, which allows unauthorized modifications to the database.
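The flaw class described above, as an added example that is not FileCatalyst's code: a setup form whose company fields are spliced into a database statement, beside the same insert done with bound parameters and length validation. It uses an in-memory sqlite3 database with constructed table names as a stand-in for HSQLDB, and `executescript` to model a driver that accepts stacked statements (an assumption for illustration).

```python
import sqlite3

# Constructed form value: closes the string and the VALUES list, then appends a statement.
CRAFTED_NAME = "Acme', 'x'); UPDATE app_users SET role='admin' WHERE username='alice'; --"


def make_db():
    """Constructed schema standing in for the product's own tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE company_info (id INTEGER PRIMARY KEY, name TEXT, contact TEXT)")
    conn.execute("CREATE TABLE app_users (username TEXT PRIMARY KEY, role TEXT)")
    conn.execute("INSERT INTO app_users VALUES ('alice', 'user')")
    conn.commit()
    return conn


def save_company_vulnerable(conn, name, contact):
    """Form values concatenated straight into the statement: no validation, no binding."""
    sql = "INSERT INTO company_info (name, contact) VALUES ('%s', '%s');" % (name, contact)
    conn.executescript(sql)  # assumption: driver executes stacked statements
    conn.commit()


def save_company_fixed(conn, name, contact):
    """Same insert with bound parameters, so input is always data, never SQL."""
    if not (0 < len(name) <= 128 and 0 < len(contact) <= 128):
        raise ValueError("field length out of range")
    conn.execute("INSERT INTO company_info (name, contact) VALUES (?, ?)", (name, contact))
    conn.commit()


def role_of(conn, username):
    row = conn.execute("SELECT role FROM app_users WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None


def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM company_info")]


def demo():
    """Run the same crafted form value through both versions and report the outcome."""
    vuln, fixed = make_db(), make_db()
    save_company_vulnerable(vuln, CRAFTED_NAME, "ops@example.com")
    save_company_fixed(fixed, CRAFTED_NAME, "ops@example.com")
    return {
        "vulnerable_role": role_of(vuln, "alice"),  # 'admin': the query was altered
        "fixed_role": role_of(fixed, "alice"),      # 'user': untouched
        "fixed_stored": stored_names(fixed),        # crafted value stored as literal text
    }


if __name__ == "__main__":
    print(demo())
```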