Critical Patch Released for High-Risk FileCatalyst Workflow Security Vulnerability (CVE-2024-6633)
Digital Forensics Research and Service Center (DFRSC)
White Collar Crime Investigation | Digital Forensics | Cyber Security | Malware Analysis
On August 28, 2024, Fortra issued a critical security patch addressing a severe vulnerability in its FileCatalyst Workflow software, a tool widely used for fast and secure file transfers. The vulnerability, tracked as CVE-2024-6633, has garnered significant attention due to its high CVSS score of 9.8, indicating a critical level of risk. The flaw, discovered by cybersecurity company Tenable, could be exploited by a remote attacker to gain unauthorized administrative access, posing a serious threat to the confidentiality, integrity, and availability of the software.
The Root Cause: Static Password in HSQL Database
The crux of the vulnerability lies in the use of a static password to connect to a default HSQL database (HSQLDB) included with FileCatalyst Workflow. The password, which was published in a vendor knowledge base article, allows an attacker to remotely connect to the database and execute malicious operations. This flaw is particularly concerning because the HSQLDB is remotely accessible on TCP port 4406 by default, providing an easy entry point for attackers who can reach the database.
Fortra has clarified that the HSQLDB is intended solely to facilitate installation and has been deprecated. The company strongly advises users to configure FileCatalyst Workflow to use an alternative database for production environments. However, organizations that have not followed these recommendations remain vulnerable, making this patch crucial for ensuring security.
Impact: Unauthorized Admin Access and Database Manipulation
Exploiting this vulnerability, an attacker could add an admin-level user to the DOCTERA_USERS table within the HSQLDB, thereby gaining administrative access to the Workflow web application. This level of access could lead to severe consequences, including unauthorized data access, system manipulation, and potential data breaches.
领英推è
In addition to CVE-2024-6633, Fortra's patch also addresses a high-severity SQL injection vulnerability (CVE-2024-6632), with a CVSS score of 7.2. This flaw occurs during the setup process of FileCatalyst Workflow, where user input is inadequately validated. An attacker could exploit this by modifying a database query during the form submission step, leading to unauthorized changes in the database.
Patch and Mitigation
Following Tenable’s responsible disclosure on July 2, 2024, Fortra released a patch for FileCatalyst Workflow version 5.1.7 or later. Users of the software are strongly encouraged to apply this update immediately to mitigate the risks associated with these vulnerabilities.
For organizations using FileCatalyst Workflow, it is imperative to verify that their systems are not using the default HSQLDB and have been updated to the latest version. Failure to address these vulnerabilities could result in significant security breaches, underscoring the importance of timely patch management in maintaining robust cybersecurity defenses.
Conclusion
The discovery of these critical vulnerabilities in FileCatalyst Workflow highlights the ongoing challenges in securing enterprise software. As cyber threats continue to evolve, staying vigilant and promptly applying security updates is essential to protecting sensitive data and maintaining operational integrity. Fortra’s quick response and the release of a comprehensive patch are commendable, but the responsibility also lies with users to ensure that their systems are secure and up-to-date.