CVE-2024-6632

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*

History

30 Aug 2024, 14:07

Type Values Removed Values Added
First Time Fortra
Fortra filecatalyst Workflow
CPE cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*
References () https://www.fortra.com/security/advisories/product-security/fi-2024-010 - () https://www.fortra.com/security/advisories/product-security/fi-2024-010 - Vendor Advisory
Summary
  • (es) Existe una vulnerabilidad en FileCatalyst Workflow por la cual un campo al que puede acceder el superadministrador se puede utilizar para realizar un ataque de inyección SQL que puede provocar una pérdida de confidencialidad, integridad y disponibilidad.

27 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 15:15

Updated : 2024-08-30 14:07


NVD link : CVE-2024-6632

Mitre link : CVE-2024-6632

CVE.ORG link : CVE-2024-6632


JSON object : View

Products Affected

fortra

  • filecatalyst_workflow
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')