A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.
References
Link | Resource |
---|---|
https://www.fortra.com/security/advisories/product-security/fi-2024-010 | Vendor Advisory |
Configurations
History
30 Aug 2024, 14:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortra
Fortra filecatalyst Workflow |
|
CPE | cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:* | |
References | () https://www.fortra.com/security/advisories/product-security/fi-2024-010 - Vendor Advisory | |
Summary |
|
27 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-27 15:15
Updated : 2024-08-30 14:07
NVD link : CVE-2024-6632
Mitre link : CVE-2024-6632
CVE.ORG link : CVE-2024-6632
JSON object : View
Products Affected
fortra
- filecatalyst_workflow
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')