Vulnerable Fortra FileCatalyst Workflow instances impacted by the already addressed critical SQL injection flaw, tracked as CVE-2024-5276, could be targeted with attacks resulting in admin user creation and app data modifications, according to The Hacker News.
Both authenticated and unauthenticated users could leverage the vulnerability, which affects FileCatalyst Workflow versions 5.1.6 Build 135 and earlier, although activation of anonymous access within the Workflow system is needed for successful exploitation by the latter, said Fortra in an advisory. Immediate implementation of an issued update was urged but Fortra noted that several impacted servlets within the Apache Tomcat installation directory's "web.xml" file could also be conducted as a temporary fix. Such an issue was identified and reported by Tenable in May. "A user-supplied jobID is used to form the WHERE clause in an SQL query. An anonymous remote attacker can perform SQLi via the JOBID parameter in various URL endpoints of the workflow web application," said Tenable.
