Critical Vulnerability in Fortra FileCatalyst Workflow


Fortra has released a security update addressing a critical vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.

CVE-2024-5276 is an SQL Injection vulnerability with a CVSSv3 score of 9.8 (critical), which if exploited could allow an unauthenticated attacker to modify or delete data in the application database, and create administrative users.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • CVE-2024-9379: Ivanti Cloud Service Appliance Authenticated SQL Injection

    November 1, 2024

    The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability is more severe than it initially appears due to reported exploitation attempts. Recently, in its October security update, Ivanti announced, “We are ...

  • Patch now! New Chrome update for two critical vulnerabilities

    October 30, 2024

    Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never ...

  • Exploring CVE-2024-38227 vulnerability in Microsoft SharePoint

    October 25, 2024

    On September 10, Microsoft released another batch of updates addressing 79 vulnerabilities in its products. Among the patches that caught our attention were those for Microsoft SharePoint, an extensive content management system (CMS). Four out of the five SharePoint vulnerabilities covered by the September release allowed remote code execution (RCE) and one of them posed ...

  • Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers

    October 24, 2024

    Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers. However, software and the systems that deploy software are highly complex and continually evolving, making it challenging to deploy secure updates. It is ...

  • Command Injection and Local File Inclusion in Grafana: CVE-2024-9264

    October 24, 2024

    The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data. Identified as CVE-2024-9264, Grafana versions 11.0.x, 11.1.x and 11.2.x allows an attacker with ‘viewer’ ...

  • The Crypto Game of Lazarus APT: Investors vs. Zero-days

    October 23, 2024

    On May 13, 2024, Kaspersky consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. Since Lazarus rarely attacks individuals, this piqued Kaspersky researchers interest and they decided to take a closer look. The researchers discovered that prior to the detection of Manuscrypt, Kaspersky technologies also ...