CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html	Release Notes
https://www.fortra.com/security/advisory/fi-2024-002	Vendor Advisory
https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html	Release Notes
https://www.fortra.com/security/advisory/fi-2024-002	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:fortra:filecatalyst_workflow::::::::
	cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112::::::

History

21 Jan 2025, 19:01

Type	Values Removed	Values Added
CPE		cpe:2.3:a:fortra:filecatalyst_workflow:::::::: cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112::::::
First Time		Fortra filecatalyst Workflow Fortra
References	~~() https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html -~~	() https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html - Release Notes
References	~~() https://www.fortra.com/security/advisory/fi-2024-002 -~~	() https://www.fortra.com/security/advisory/fi-2024-002 - Vendor Advisory
CWE		CWE-668

Information

Published : 2024-03-13 15:15

Updated : 2025-01-21 19:01

NVD link : CVE-2024-25153

Mitre link : CVE-2024-25153

CVE.ORG link : CVE-2024-25153

JSON object : View

Products Affected

fortra

filecatalyst_workflow

CWE

CWE-472

External Control of Assumed-Immutable Web Parameter

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2024-25153", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-13T15:15:50.913", "references": [{"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html", "tags": ["Release Notes"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}, {"url": "https://www.fortra.com/security/advisory/fi-2024-002", "tags": ["Vendor Advisory"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}, {"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.fortra.com/security/advisory/fi-2024-002", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "description": [{"lang": "en", "value": "CWE-472"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."}, {"lang": "es", "value": "Un directory traversal dentro del 'ftpservlet' de FileCatalyst Workflow Web Portal permite cargar archivos fuera del directorio 'uploadtemp' previsto con una solicitud POST especialmente manipulada. En situaciones en las que un archivo se carga correctamente en DocumentRoot del portal web, se pueden utilizar archivos JSP especialmente manipulados para ejecutar c\u00f3digo, incluidos los shells web."}], "lastModified": "2025-01-21T19:01:46.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC2A7572-B5E1-443B-A63D-FFC98EDD8224", "versionEndExcluding": "5.1.6", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C338109-0CF4-4212-BF34-A3ECBEC7FDA2"}], "operator": "OR"}]}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}