Fortra, a leading software security company, has released a critical patch addressing a severe vulnerability in its FileCatalyst Workflow software. The flaw, identified as CVE-2024-6633, poses significant risks, potentially allowing remote attackers to gain unauthorized administrative access. This vulnerability has been rated with a CVSS score of 9.8, reflecting its high severity.
The Root of the Vulnerability
The vulnerability originates from the use of a static password to connect to an HSQL database within FileCatalyst Workflow. According to Fortra’s advisory, “The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledge base article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.”
The HSQLDB, a lightweight SQL database engine, was included by Fortra to streamline the installation process of FileCatalyst Workflow. However, it was never intended for production use. Fortra had previously deprecated the HSQLDB and advised users to configure the software to utilize an alternative database. Despite these recommendations, users who did not transition to a different database remain vulnerable to attacks, particularly if their system is accessible over a network that can reach the HSQLDB.
Tenable’s Discovery
The cybersecurity firm Tenable has been credited with discovering and reporting this critical flaw. According to Tenable, the HSQLDB is accessible remotely via TCP port 4406 by default. This means a remote attacker could potentially connect to the database using the static password, allowing them to execute malicious operations.
One such operation involves adding an admin-level user to the DOCTERA_USERS table within the database. This could enable the attacker to gain admin-level access to the FileCatalyst Workflow web application, effectively taking control of the system.
Fortra’s Response and the Importance of Patching
After receiving responsible disclosure of the vulnerability on July 2, 2024, Fortra acted swiftly, releasing a patch to address the issue in FileCatalyst Workflow version 5.1.7 and later. The patch is a crucial update that all users of the software must apply to mitigate the risk of exploitation.
In its advisory, Fortra emphasized the importance of replacing the default HSQLDB with a more secure and robust database solution for production environments. The company also reiterated the necessity of following best practices for database management and security configurations to prevent similar vulnerabilities from being exploited in the future.
Additional Vulnerabilities Addressed
In addition to the critical flaw CVE-2024-6633, Fortra’s latest update to FileCatalyst Workflow also addresses another significant security issue: a high-severity SQL injection vulnerability, tracked as CVE-2024-6632. This flaw, with a CVSS score of 7.2, involves improper input validation during the setup process of FileCatalyst Workflow.
Robin Wyss, a researcher at Dynatrace, provided insights into this SQL injection vulnerability. He explained that during the setup process, users are prompted to input company information via a form submission. However, this user input is not adequately validated, allowing an attacker to modify the database query. This could result in unauthorized modifications to the database, potentially compromising the integrity of the system.
The Broader Implications
The discovery of these vulnerabilities in FileCatalyst Workflow underscores the importance of regular software updates and adherence to security best practices. While Fortra has taken steps to address these issues promptly, the onus is on organizations using the software to ensure that they are running the latest, patched versions of the software.
Cybersecurity incidents like this one serve as a stark reminder of the vulnerabilities that can exist in widely-used software solutions. Without timely intervention and updates, these vulnerabilities could be exploited by malicious actors, leading to potentially catastrophic consequences for businesses and their data.
Final Thoughts
Fortra’s swift response to these vulnerabilities is commendable, but it also highlights the ongoing challenges in securing software products in an increasingly complex digital landscape. Organizations using FileCatalyst Workflow should not only apply the latest patches immediately but also review their overall security posture to protect against similar threats in the future.
As cybersecurity threats continue to evolve, it is critical for both software developers and users to remain vigilant. Regular updates, strong security practices, and a proactive approach to vulnerability management are essential components in safeguarding digital assets against emerging threats.
Follow us on 
(Twitter) for real time updates and exclusive content.
Interesting Article : WPML Plugin Flaw Puts WordPress Sites at Risk of Remote Code Execution