CVE-2024-5276
Published: 25 June 2024
Summary
CVE-2024-5276 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Fortra FileCatalyst Workflow. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
CVE-2024-5276 is a SQL injection vulnerability in Fortra FileCatalyst Workflow that permits an attacker to modify application data, including creation of administrative users and deletion or modification of database records. Data exfiltration is not possible via this flaw. It affects all versions of FileCatalyst Workflow up to and including 5.1.6 Build 135 and is tracked under CWE-20 and CWE-89 with a CVSS 3.1 score of 9.8.
Successful exploitation can be performed unauthenticated when anonymous access is enabled on the Workflow system; otherwise an authenticated user account is required. An attacker reaching the vulnerable component can achieve high-impact changes to the application database without needing user interaction.
Fortra has published security advisories (FI-2024-008) and knowledge-base articles detailing the issue; these, along with Tenable research (TRA-2024-25), reference the affected builds and remediation guidance.
The EPSS score for this CVE stands at 0.8742 with no material rise from a lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46512
Vulnerability details
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated SQL injection in public-facing FileCatalyst Workflow enables initial access via exploitation (T1190), creation of administrative accounts (T1136.001), and modification/deletion of stored database data (T1565.001).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Directly implements checks on information inputs to reject invalid data before processing.
- Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.
- Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
- Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
- Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.