Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

Summary:
A critical security flaw in Fortra FileCatalyst Workflow, tracked as CVE-2024-5276 with a CVSS score of 9.8, has been disclosed. This SQL injection vulnerability affects versions 5.1.6 Build 135 and earlier and allows attackers to modify application data, potentially creating administrative users or altering and deleting database information. Fortra's advisory highlights that the vulnerability can be exploited if the Workflow system has anonymous access enabled, or by an authenticated user. Users who cannot immediately apply the patch are advised to disable the vulnerable servlets—csv_servlet, pdf_servlet, xml_servlet, and json_servlet—in the "web.xml" file located in the Apache Tomcat installation directory as a temporary workaround.
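
One way to verify the temporary workaround, as an added example (not code from Fortra, Tenable or the original article): the script parses a web.xml and reports which of the four named servlets still have an active servlet-mapping. The sample file and its URL patterns are constructed for illustration, as is the assumption that the four names appear as servlet-name values.

```python
import xml.etree.ElementTree as ET

# Servlet names taken from the workaround described above.
VULNERABLE_SERVLETS = {"csv_servlet", "pdf_servlet", "xml_servlet", "json_servlet"}

# Constructed sample, not the product's real web.xml; URL patterns are placeholders.
SAMPLE_WEB_XML = """\
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet-mapping>
    <servlet-name>csv_servlet</servlet-name>
    <url-pattern>/placeholder/csv</url-pattern>
  </servlet-mapping>
  <!-- disabled as a workaround
  <servlet-mapping>
    <servlet-name>pdf_servlet</servlet-name>
    <url-pattern>/placeholder/pdf</url-pattern>
  </servlet-mapping>
  -->
  <servlet-mapping>
    <servlet-name>json_servlet</servlet-name>
    <url-pattern>/placeholder/json</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>unrelated_servlet</servlet-name>
    <url-pattern>/placeholder/other</url-pattern>
  </servlet-mapping>
</web-app>
"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace: any web-app schema version works

def active_vulnerable_mappings(web_xml):
    """Return {servlet_name: [url_patterns]} for listed servlets that are still mapped."""
    found = {}
    # ElementTree discards XML comments, so commented-out mappings never appear here.
    for mapping in ET.fromstring(web_xml).iter():
        if _local(mapping.tag) != "servlet-mapping":
            continue
        fields = {}
        for child in mapping:
            fields.setdefault(_local(child.tag), []).append((child.text or "").strip())
        for name in fields.get("servlet-name", []):
            if name in VULNERABLE_SERVLETS:
                found.setdefault(name, []).extend(fields.get("url-pattern", []))
    return found

if __name__ == "__main__":
    print(active_vulnerable_mappings(SAMPLE_WEB_XML))
```

An empty result means none of the four servlets is mapped in that file; mappings declared elsewhere (for example by annotation) are outside what this check sees.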


Analyst Comments:
Cybersecurity firm Tenable reported the flaw on May 22, 2024, and has since released a proof-of-concept (PoC) exploit. Tenable explained that the vulnerability arises because a user-supplied jobID is used to form the WHERE clause of an SQL query, enabling an attacker to perform SQL injection through various URL endpoints of the Workflow web application.

Suggested Corrections:
FileCatalyst Workflow users are advised to upgrade to 5.1.6 build 139 (or later).


Link(s):
https://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html