Severe SQL Injection Vulnerability Discovered in Fortra FileCatalyst Workflow Application

A significant security vulnerability has been identified in Fortra FileCatalyst Workflow that could potentially allow attackers to compromise the application database if not addressed promptly. The issue, designated CVE-2024-5276, has been assigned a critical CVSS score of 9.8. This flaw affects all FileCatalyst Workflow versions up to and including 5.1.6 Build 135, with a patch included in the subsequent release, Build 139.

The vulnerability stems from an SQL injection flaw in FileCatalyst Workflow that lets unauthorized users alter application data. In an advisory issued Tuesday, Fortra warned that the potential impact ranges from the unauthorized creation of administrative users to the deletion and modification of vital data stored within the application database. The severity is underscored by the fact that exploitation can occur either on systems configured to allow anonymous access or by authenticated users.

Cybersecurity firm Tenable reported the issue on May 22, 2024, and subsequently released a proof-of-concept (PoC) exploit demonstrating the vulnerability. As described by Tenable, exploitation relies on manipulating a user-supplied jobID that is used in the WHERE clause of an SQL query, which allows remote SQL injection via various URL endpoints within the Workflow web application.

A temporary workaround is available for those who cannot immediately apply the patch: disable the vulnerable servlets (csv_servlet, pdf_servlet, xml_servlet, and json_servlet) in the “web.xml” file located within the Apache Tomcat installation directory. This should only serve as a stopgap until the official patch is applied to affected systems.
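To confirm the workaround took effect, the check below reports which of the four servlets are still declared or mapped in a web.xml. It is an added example, not Fortra's code; it assumes the four names appear as servlet-name values, and the sample web.xml, its class names and its URL patterns are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Servlet names listed in the advisory workaround (assumed to be <servlet-name> values).
VULNERABLE = {"csv_servlet", "pdf_servlet", "xml_servlet", "json_servlet"}

# Constructed sample: csv_servlet still active, pdf_servlet commented out.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet><servlet-name>csv_servlet</servlet-name>
    <servlet-class>example.CsvServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>csv_servlet</servlet-name>
    <url-pattern>/example/csv</url-pattern></servlet-mapping>
  <!-- disabled per workaround
  <servlet><servlet-name>pdf_servlet</servlet-name>
    <servlet-class>example.PdfServlet</servlet-class></servlet>
  <servlet-mapping><servlet-name>pdf_servlet</servlet-name>
    <url-pattern>/example/pdf</url-pattern></servlet-mapping>
  -->
  <servlet><servlet-name>other_servlet</servlet-name>
    <servlet-class>example.Other</servlet-class></servlet>
</web-app>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}servlet'."""
    return tag.rsplit("}", 1)[-1]

def active_vulnerable_servlets(web_xml_text):
    """Return {servlet-name: [url-patterns]} for flagged servlets still enabled.

    The parser drops XML comments, so a servlet disabled by commenting out its
    <servlet> and <servlet-mapping> elements is not reported. An empty pattern
    list means the servlet is still declared but has no mapping.
    """
    root = ET.fromstring(web_xml_text)
    found = {}
    for elem in root:
        if local(elem.tag) not in ("servlet", "servlet-mapping"):
            continue
        fields = {}
        for child in elem:
            fields.setdefault(local(child.tag), []).append((child.text or "").strip())
        name = (fields.get("servlet-name") or [""])[0]
        if name in VULNERABLE:
            found.setdefault(name, []).extend(fields.get("url-pattern", []))
    return found

if __name__ == "__main__":
    for name, patterns in active_vulnerable_servlets(SAMPLE_WEB_XML).items():
        print(f"still enabled: {name} -> {patterns or 'declared, no mapping'}")
```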

The Fortra FileCatalyst flaw poses a significant risk primarily for organizations running the vulnerable versions of the software, which may inadvertently expose sensitive data and operational controls. Business owners need to understand that such vulnerabilities can be exploited through tactics outlined in the MITRE ATT&CK framework, particularly those related to initial access through injection and privilege escalation.

Given the critical nature of this vulnerability, it is imperative that business leaders prioritize the security posture of their applications. Regular updates and vigilant monitoring of software are essential to mitigate risks associated with SQL injection vulnerabilities and other cyber threats.

As cybersecurity incidents increasingly target business-critical applications, understanding and addressing vulnerabilities swiftly is key to preserving the integrity of organizational data. Organizations must remain vigilant and proactive in their security measures, ensuring both the timely application of patches and the implementation of best practices to prevent exploitation of similar flaws.
