PT-2024-2196 · Unknown · Filecatalyst Workflow

Tom Wedgbury · Published 2024-03-13 · Updated 2025-09-19 · CVE-2024-25153

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions prior to 5.1.6 Build 114

Description: A directory traversal vulnerability within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. This could lead to the execution of arbitrary code, including web shells, if a file is successfully uploaded to the web portal’s DocumentRoot. The issue stems from errors in handling HTTP POST requests. Approximately 97 instances were observed, located mainly in the United States, India, and other countries.

Recommendations: For versions prior to 5.1.6 Build 114, update to version 5.1.6 Build 114 or later to patch the critical flaw and prevent unauthorized remote code execution. As a temporary workaround, consider restricting access to the ‘ftpservlet’ component until the patch is applied. Additionally, disabling anonymous login for public users in FileCatalyst Workflow can help minimize the risk of exploitation.
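The traversal described above comes down to a client-supplied filename being joined under the upload directory without a containment check. The following is an added example written for this page, not FileCatalyst's own code: the unsafe join beside a hardened check that confines the resolved path to the configured ‘uploadtemp’ root. The directory path is a constructed placeholder, and the check works on normalised path strings only, so it assumes no symlinks inside the upload root.

```python
import posixpath
from typing import Optional

# Constructed placeholder for the portal's 'uploadtemp' directory (assumption,
# not FileCatalyst's real layout).
UPLOAD_ROOT = "/opt/filecatalyst/uploadtemp"


def naive_target(filename: str) -> str:
    """The unsafe pattern: join the client-supplied name under the upload root.

    normpath() folds '..' segments, so a name such as '../../x.jsp' resolves to a
    location above UPLOAD_ROOT and the file lands wherever the attacker chose.
    """
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, filename))


def contained_target(filename: str) -> Optional[str]:
    """Hardened version: return the resolved path only if it stays inside
    UPLOAD_ROOT, otherwise None so the caller can reject the upload and log it.

    Rejects empty names, NUL bytes and absolute paths, treats backslashes as
    separators (Windows deployments), and uses commonpath() rather than a
    string prefix test so '/opt/filecatalyst/uploadtempx/..' is not accepted.
    """
    if not filename or "\x00" in filename:
        return None
    name = filename.replace("\\", "/")
    if posixpath.isabs(name):
        return None
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    # commonpath equals the root only when target is the root itself or below it
    if posixpath.commonpath([UPLOAD_ROOT, target]) != UPLOAD_ROOT:
        return None
    if target == UPLOAD_ROOT:
        # name normalised to the directory itself, nothing sensible to write
        return None
    return target


if __name__ == "__main__":
    # Constructed sample filenames as they might arrive in a POST parameter
    for name in ["report.pdf", "sub/../report.pdf", "../../x.jsp", "..\\..\\x.jsp"]:
        print(f"{name!r}: naive -> {naive_target(name)}, hardened -> {contained_target(name)}")
```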

Weakness Enumeration: Exposure of Resource to Wrong Sphere

Related Identifiers: BDU:2024-02123, CVE-2024-25153

Affected Products: Filecatalyst Workflow