CVE-2024-5275

CVSS V2 None CVSS V3 None

Description

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.

Overview

CVE ID
CVE-2024-5275

Assigner
Fortra

Vulnerability Status
PUBLISHED

Published Version
2024-06-18T14:11:37.005Z

Last Modified Date
2024-06-18T14:11:37.005Z

Weakness Enumerations

CWE	URL
CWE-259	http://cwe.mitre.org/data/definitions/259.html

References

Reference URL	Reference Tags
https://www.fortra.com/security/advisory/fi-2024-007	vendor-advisory
https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5275
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5275

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 03:23:34				Added to TrackCVE