CVE-2024-5276

Name of the Vulnerable Software and Affected Versions Fortra FileCatalyst Workflow versions 5.1.6 Build 135 and earlier

Description The issue is related to a SQL injection vulnerability that allows an attacker to modify application data. This can likely result in the creation of administrative users and the deletion or modification of data in the application database. However, data exfiltration via SQL injection is not possible using this vulnerability. Successful exploitation requires either a Workflow system with anonymous access enabled for unauthenticated attackers or an authenticated user.

Recommendations For versions 5.1.6 Build 135 and earlier, update to a version that includes the fix for this SQL injection vulnerability. As a temporary workaround, consider disabling anonymous access in the Workflow system to minimize the risk of unauthenticated exploitation. Restrict access to the application database to prevent potential data modification or deletion. Avoid using the application until the issue is resolved to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.