Description

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.

INFO

Published Date :

2024-06-18T14:11:37.005Z

Last Modified :

2024-08-01T21:11:12.408Z

Source :

Fortra
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5275 vulnerability.

Vendors Products
Fortra
  • Filecatalyst Direct
  • Filecatalyst Workflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5275.

URL Resource
https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm cve-icon cve-icon cve-icon
https://www.fortra.com/security/advisory/fi-2024-007 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact