Fortra FileCatalyst Workflow vulnerable to critical SQL Injection
Take action: If you are using Fortra FileCatalyst Workflow, check whether anonymous access is enabled on your instance. If it is, you need to patch IMMEDIATELY - wake up your team and get to patching. If anonymous access is not enabled, you have room to breathe. Plan to patch soon, but no need to panic.
Learn More
Fortra FileCatalyst Workflow, a web-based platform providing file exchange and sharing, has been found to have a critical SQL injection vulnerability.
The flaw, tracked as CVE-2024-5276 (CVSS score 9.8), allows remote, unauthenticated attackers to create unauthorized admin users and manipulate the database. Fortra has clarified in its security bulletin that while the vulnerability permits admin user creation and database manipulation, it does not allow data exfiltration.
The vulnerability lies in how the Workflow web application handles the 'jobID' parameter accepted by various URL endpoints. The 'findJob' method uses the user-supplied 'jobID' without proper input sanitization to form the 'WHERE' clause of an SQL query, which lets attackers inject malicious SQL into the statement.
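The query-building pattern described above, modelled in Python with an in-memory SQLite table, next to a bound-parameter version. This is an added example, not Fortra's code: the table schema, the function names and the assumption that job IDs are short digit strings are all illustrative.

```python
import re
import sqlite3

# Constructed input: a textbook tautology, used only to show the query changing shape.
HOSTILE = "x' OR '1'='1"

def make_db():
    """In-memory stand-in for a jobs table; the schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (job_id TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO jobs VALUES (?, ?)",
                   [("1001", "alice"), ("1002", "bob"), ("1003", "carol")])
    return db

def find_job_concatenated(db, job_id):
    # Flawed pattern: the request value becomes part of the SQL text,
    # so the database parses it as syntax rather than as data.
    sql = "SELECT job_id, owner FROM jobs WHERE job_id = '" + job_id + "'"
    return db.execute(sql).fetchall()

def find_job_bound(db, job_id):
    # Bound parameter: the driver passes the value separately from the SQL text,
    # so quotes and keywords inside it are compared as plain data.
    return db.execute("SELECT job_id, owner FROM jobs WHERE job_id = ?",
                      (job_id,)).fetchall()

def find_job_validated(db, job_id):
    # Defence in depth: reject anything that is not a short digit string
    # (assumed ID format) before the query runs at all.
    if not re.fullmatch(r"[0-9]{1,18}", job_id):
        raise ValueError("jobID must be numeric")
    return find_job_bound(db, job_id)

def compare(job_id):
    """Return (rows from the concatenated query, rows from the bound query)."""
    db = make_db()
    return find_job_concatenated(db, job_id), find_job_bound(db, job_id)

if __name__ == "__main__":
    for value in ("1002", HOSTILE):
        leaked, safe = compare(value)
        print(f"{value!r}: concatenated={len(leaked)} rows, bound={len(safe)} rows")
```

For the constructed hostile value the concatenated query matches every row, while the bound query matches none and the validated lookup rejects the value before any SQL runs.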
Exploitation without authentication requires that anonymous access is enabled on the target instance. Otherwise, the attacker would need valid authentication credentials.
Affected versions: FileCatalyst Workflow up to and including 5.1.6 Build 135.
Fortra has released a patch in version 5.1.6 Build 139. Users are strongly advised to upgrade as soon as possible. Tenable has also published a proof-of-concept (PoC) exploit demonstrating the vulnerability.