Fortra has resolved a critical security vulnerability affecting FileCatalyst Workflow, which could be exploited by a remote attacker to gain administrative privileges.
The flaw, identified as CVE-2024-6633, has a CVSS score of 9.8 and arises from the use of a static password for connecting to an HSQL database.
“In a vendor knowledge base article, the default credentials for the HSQL database (HSQLDB) used by FileCatalyst Workflow are disclosed,” Fortra noted in an advisory. “Exploiting these credentials could compromise the confidentiality, integrity, or availability of the software.”
The advisory added, “The HSQLDB is only included to assist with installation, has been deprecated, and is not intended for production use according to vendor guidelines. Nevertheless, users who have not switched to an alternative database as recommended remain vulnerable to attacks from any entity that can access the HSQLDB.”
Cybersecurity firm Tenable, which discovered and reported the vulnerability, stated that the HSQLDB is remotely accessible by default on TCP port 4406, allowing attackers to connect using the static password and carry out malicious activity.