- 242/2024
- Critical
Fortra has released security updates to fix multiple vulnerabilities affecting Fortra FileCatalyst Workflow and Fortra GoAnywhere MFT.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform SQL injection attacks, or gain access to the affected system by utilizing the credentials stored in the HSQLDB.
Sample of the addressed vulnerabilities:
1. Insecure Default in FileCatalyst Workflow Vulnerability (CVE-2024-6633):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Fortra GoAnywhere MFT Security Bypass Vulnerability (CVE-2024-25157):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
The affected products:
- FileCatalyst Workflow 5.1.6 Build 139 and earlier versions.
- Fortra GoAnywhere MFT versions before 7.6.0.
Vulnerabilities
- CVE-2024-6632
- CVE-2024-6633
- CVE-2024-25157
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.