Unknown · Filecatalyst Workflow · CVE-2024-25153
**Name of the Vulnerable Software and Affected Versions**
FileCatalyst Workflow versions prior to 5.1.6 Build 114
**Description**
A directory traversal vulnerability in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows a specially crafted POST request to write uploaded files outside the intended ‘uploadtemp’ directory. If an attacker can place a file in the web portal’s DocumentRoot, this can lead to execution of arbitrary code, for example through an uploaded web shell. The issue stems from how the servlet handles file paths in HTTP POST upload requests. Approximately 97 internet-exposed instances have been observed, located mainly in the United States and India.
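The following is an added illustration of the bug class described above, not code from FileCatalyst or from this advisory: a vulnerable "join the client-supplied filename onto the upload directory" pattern next to a hardened version that decodes, normalizes and then checks containment. The base directory, function names and sample filenames are assumptions chosen for the example; the real ‘ftpservlet’ request parameters and installation paths are not given on this page.

```python
import posixpath
from typing import Optional, Tuple
from urllib.parse import unquote

# Hypothetical base directory for this example; the real location of the
# FileCatalyst Workflow 'uploadtemp' directory is not stated in the advisory.
UPLOAD_DIR = "/opt/filecatalyst/uploadtemp"


def unsafe_upload_path(base: str, filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined straight onto
    the upload directory. '../' segments (or an absolute name) walk out of it,
    so the normalized result can land anywhere the server process may write,
    including the web root."""
    return posixpath.normpath(posixpath.join(base, filename))


def safe_upload_path(base: str, filename: str) -> Optional[str]:
    """Hardened pattern: decode, normalize, then require that the canonical
    path still sits strictly below the upload directory. Returns None for
    anything that escapes, so the caller can reject the request."""
    # Percent-decode before checking so '%2e%2e/' is treated like '../'.
    name = unquote(filename)
    # Embedded NUL bytes can truncate the path in lower layers; reject them.
    if "\x00" in name:
        return None
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, name))
    # posixpath.join discards 'base' when 'name' is absolute and normpath
    # collapses '..' segments, so the remaining question is containment.
    if candidate == base_norm:
        return None  # empty name, '.', or 'sub/..' resolved to the directory itself
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        return None  # escaped the upload directory (also catches 'uploadtemp2/...')
    return candidate


def classify(filename: str, base: str = UPLOAD_DIR) -> Tuple[str, str]:
    """Compare both handlers on one name. Returns (verdict, path): verdict is
    'allowed' when the hardened check accepts the name and 'rejected' when it
    does not; path is where the vulnerable join would have written the file."""
    target = unsafe_upload_path(base, filename)
    verdict = "allowed" if safe_upload_path(base, filename) else "rejected"
    return verdict, target


if __name__ == "__main__":
    # Constructed sample filenames for the demo, not captured traffic.
    samples = [
        "report.pdf",
        "sub/../report.pdf",
        "../../../var/www/html/shell.jsp",
        "%2e%2e/%2e%2e/%2e%2e/var/www/html/shell.jsp",
        "/etc/passwd",
        "../uploadtemp2/x.txt",
        "..",
    ]
    for s in samples:
        verdict, target = classify(s)
        print(f"{verdict:8s} {s!r:48s} -> vulnerable join writes to {target}")
```

Two details matter in practice: the containment check has to run on the fully decoded, normalized path (a check applied before percent-decoding misses `%2e%2e/`), and it has to be a path-component comparison rather than a string prefix test, otherwise a sibling directory such as `uploadtemp2` would pass.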
**Recommendations**
For versions prior to 5.1.6 Build 114, upgrade to 5.1.6 Build 114 or later, which fixes the flaw and closes the path to unauthenticated remote code execution. Until the update is applied, restrict network access to the ‘ftpservlet’ component (for example, allow only trusted source addresses through a firewall or reverse proxy) and disable anonymous login for public users in FileCatalyst Workflow to reduce the exposure of the upload path to unauthenticated attackers. Because a successful attack writes files into the web portal’s DocumentRoot, also review the DocumentRoot and ‘uploadtemp’ directories for unexpected or recently created files (such as server-side script files) that could indicate prior exploitation.