CVE-2024-6632

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.fortra.com/security/advisories/product-security/fi-2024-010	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-27 15:15

Updated : 2024-08-30 14:07

NVD link : CVE-2024-6632

Mitre link : CVE-2024-6632

CVE.ORG link : CVE-2024-6632

JSON object : View

Products Affected

fortra

filecatalyst_workflow

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-6632", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-08-27T15:15:17.300", "references": [{"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-010", "tags": ["Vendor Advisory"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability."}, {"lang": "es", "value": "Existe una vulnerabilidad en FileCatalyst Workflow por la cual un campo al que puede acceder el superadministrador se puede utilizar para realizar un ataque de inyecci\u00f3n SQL que puede provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."}], "lastModified": "2024-08-30T14:07:18.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CDAAF1B-D610-4238-8372-8A6DD3C2FC57", "versionEndExcluding": "5.1.7", "versionStartIncluding": "5.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}