PT-2024-35424 · FileCatalyst · FileCatalyst Workflow+2

Greg · Published 2024-06-18 · Updated 2025-09-24 · CVE-2024-5275

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FileCatalyst Direct versions 3.8.10 Build 138 and earlier
FileCatalyst Workflow versions 5.1.6 Build 130 and earlier

Description

A hard-coded password in the FileCatalyst TransferAgent can be used to unlock the keystore, allowing access to its contents, such as the private key for certificates. This could lead to a machine-in-the-middle (MiTM) attack against users of the agent.

Recommendations

For FileCatalyst Direct versions 3.8.10 Build 138 and earlier, update to a version later than 3.8.10 Build 138 to resolve the issue.

For FileCatalyst Workflow versions 5.1.6 Build 130 and earlier, update to a version later than 5.1.6 Build 130 to resolve the issue.

As a temporary workaround, consider restricting access to the TransferAgent to minimize the risk of exploitation.

Related Identifiers

CVE-2024-5275

Affected Products

FileCatalyst Direct
FileCatalyst TransferAgent
FileCatalyst Workflow