Platform
other
Component
filecatalyst-workflow
Fixed in
5.1.7
CVE-2024-5276 is a critical SQL Injection vulnerability discovered in Fortra FileCatalyst Workflow. This vulnerability allows attackers to modify application data, potentially leading to unauthorized access and data manipulation. It impacts versions 0 through 5.1.6 and has been resolved in version 5.1.7.
Successful exploitation of CVE-2024-5276 allows an attacker to inject malicious SQL code into FileCatalyst Workflow, enabling them to manipulate the application's database. This can result in the creation of unauthorized administrative users, granting attackers elevated privileges within the system. Furthermore, attackers can modify existing data within the database, potentially corrupting or deleting critical information. While direct data exfiltration via SQL injection is not possible with this specific vulnerability, the ability to modify data poses a significant risk to data integrity and system security. The requirement for anonymous access or an authenticated user to exploit the vulnerability narrows the scope somewhat, but still presents a considerable threat.
CVE-2024-5276 was published on 2024-06-25. The vulnerability's critical CVSS score (9.8) indicates a high probability of exploitation. Public proof-of-concept exploits are not currently known, but the ease of SQL injection exploitation suggests this may change. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting FileCatalyst Workflow.
Exploit Status
EPSS
85.36% (99% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-5276 is to upgrade FileCatalyst Workflow to version 5.1.7 or later. If an immediate upgrade is not feasible, disable anonymous access to the Workflow system to prevent unauthenticated exploitation. Consider implementing Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting the vulnerable endpoints. Thoroughly review and validate all user inputs to prevent malicious SQL code from being injected. After upgrading, confirm the fix by attempting a SQL injection attack on the vulnerable endpoint and verifying that it is blocked.
Update FileCatalyst Workflow to a version later than 5.1.6 Build 135. Consult the Fortra advisory for the patched version and specific upgrade instructions. If you cannot update immediately, consider disabling anonymous access or restricting access to authenticated users.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-5276 is a critical SQL Injection vulnerability in FileCatalyst Workflow allowing attackers to modify application data. It affects versions 0-5.1.6 and has a CVSS score of 9.8.
You are affected if you are running FileCatalyst Workflow versions 0 through 5.1.6. Immediate action is required to mitigate the risk.
Upgrade FileCatalyst Workflow to version 5.1.7 or later. If immediate upgrade is not possible, disable anonymous access and implement WAF rules.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest active exploitation is possible. Continuous monitoring is recommended.
Refer to the Fortra security advisory for CVE-2024-5276 on the Fortra website for detailed information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.