cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6632,https://securityvulnerability.io/vulnerability/CVE-2024-6632,SQL Injection Vulnerability in FileCatalyst Workflow,"A vulnerability in FileCatalyst Workflow developed by Fortra allows super administrators to exploit a particular field to execute SQL injection attacks. This manipulation can compromise sensitive data, leading to potential breaches in confidentiality, integrity, and availability of information. Such vulnerabilities highlight the importance of securing admin-level access and ensuring that robust security measures are in place to protect against unauthorized database access.",Fortra,Filecatalyst Workflow,7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-27T14:12:12.272Z,0
CVE-2024-6633,https://securityvulnerability.io/vulnerability/CVE-2024-6633,"Vulnerability in HSQLDB Could Lead to Compromise of Confidentiality, Integrity, or Availability of FileCatalyst Workflow","The vulnerability CVE-2024-6633 is a critical flaw in Fortra's FileCatalyst Workflow, with a CVSS v3.1 score of 9.8, indicating its severity. This vulnerability allows attackers to gain unauthorized access to the internal HSQL database, potentially leading to data theft and the creation of admin-level users. The flaw was discovered by Tenable, which found that the static password ""GOSENSGO613"" was being used on all FileCatalyst Workflow deployments. The database is remotely accessible and the vulnerability can only be fixed by upgrading to version 5.1.7 or later. The vendor, Fortra, has released a security bulletin advising users to upgrade their instances to mitigate the risk of exploitation. 
There is a significant risk of unauthorized access and malicious operations being performed on affected systems, making it critical for organizations to apply the available security updates as soon as possible.",Fortra,Filecatalyst Workflow,9.8,CRITICAL,0.000910000002477318,false,,true,false,false,,,false,false,,2024-08-27T14:11:24.527Z,0
CVE-2024-5276,https://securityvulnerability.io/vulnerability/CVE-2024-5276,SQL Injection Vulnerability in FileCatalyst Workflow Allows Modification of Application Data,"A SQL Injection vulnerability in Fortra FileCatalyst Workflow permits unauthorized alterations to application data. This may enable attackers to create new administrative users and modify or delete existing data in the application database. While data exfiltration is not possible through this specific vulnerability, an unauthenticated attacker may exploit it if anonymous access is enabled on the Workflow system. Otherwise, an authenticated user is required to carry out the exploitation. The vulnerability affects all versions of FileCatalyst Workflow 5.1.6 Build 135 and earlier.",Fortra,Filecatalyst Workflow,9.8,CRITICAL,0.0017399999778717756,false,,true,false,true,2024-06-26T17:56:06.000Z,,false,false,,2024-06-25T19:13:54.585Z,0
CVE-2024-5275,https://securityvulnerability.io/vulnerability/CVE-2024-5275,Hard-coded Password Vulnerability in FileCatalyst TransferAgent Could Lead to MiTM Attacks,"The vulnerability arises from a hard-coded password embedded in the FileCatalyst TransferAgent, which provides a potential pathway for unauthorized users to access sensitive keystore contents, such as private keys for certificates. This flaw permits attackers to exploit the agent, enabling man-in-the-middle (MiTM) attack scenarios that could compromise the confidentiality and integrity of data being transferred. 
All versions of FileCatalyst Direct prior to 3.8.10 Build 138 and FileCatalyst Workflow prior to 5.1.6 Build 130 are affected, necessitating immediate mitigation actions by users to secure their environments.",Fortra,"Filecatalyst Direct,Filecatalyst Workflow",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-18T14:11:37.005Z,0