A critical security flaw has been uncovered in the popular Fortra FileCatalyst Workflow platform, a tool widely used for efficient file exchange and collaboration within private cloud environments. This vulnerability, known as CVE-2024-5276, poses a significant risk as it allows remote attackers to exploit SQL injection and potentially create unauthorized administrative accounts and manipulate the application’s database.
Fortra FileCatalyst Workflow plays a crucial role in enabling organizations to quickly and securely transfer data, especially large files, across secure, private cloud spaces. Its seamless collaboration features make it an essential tool for many businesses around the world.
The discovery of the Fortra FileCatalyst Workflow vulnerability, CVE-2024-5276, on June 18, 2024, by Tenable researchers marked a critical milestone due to its potential impact. The flaw affects versions up to FileCatalyst Workflow 5.1.6 Build 135, highlighting the significance of the issue.
The vulnerability stems from improper input validation in the application’s handling of SQL queries, specifically through the ‘jobID’ parameter in various URL endpoints. Exploiting this flaw can allow attackers to inject malicious SQL code, granting them unauthorized access to the system.
Promptly responding to Tenable’s responsible disclosure, Fortra addressed the issue by releasing a security bulletin clarifying that although the vulnerability enables the creation of admin users and data manipulation, it does not directly lead to data theft. Fortra released a fix in FileCatalyst Workflow version 5.1.6 Build 139, which patches the vulnerability and is strongly recommended for all users.
Users of affected versions (up to Build 135) are strongly advised to upgrade immediately to the patched version (Build 139) to mitigate the risk of exploitation. Additionally, disabling anonymous access on the Workflow system for those unable to upgrade immediately can lower the exposure to potential attacks leveraging CVE-2024-5276.
Despite no documented cases of CVE-2024-5276 being actively exploited at the moment, the severity of the vulnerability and the availability of exploit details emphasize the importance of prioritizing updates to protect systems against potential threats. The swift response to CVE-2024-5276 showcases the critical role of proactive security measures in safeguarding organizational data integrity and confidentiality.
Fortra’s proactive approach in releasing a patch underscores the growing vulnerabilities within internet devices and the importance of securing user data. For more information on CVE-2024-5276 and to download the latest patched version of FileCatalyst Workflow, users are encouraged to visit the official Fortra FileCatalyst Workflow website.