On 25 June 2024, Fortra published a security advisory for a vulnerability affecting their FileCatalyst Workflow product. The vulnerability, labelled CVE-2024-5275, is rated critical severity due to its low attack complexity and high impact. CVE-2024-5275 allows unauthenticated remote threat actors to perform SQL injection against FileCatalyst Workflow instances with anonymous access enabled, which could result in threat actors performing sensitive actions such as deleting database tables or creating administrative users.
While CVE-2024-5275 is not currently being actively exploited, the original reporter of the vulnerability has published their technical analysis alongside a proof of concept. This elevates the risk of CVE-2024-5275, since managed file transfer products such as FileCatalyst Workflow are high-value targets for threat actors. Most recently, an authentication bypass vulnerability (CVE-2024-5806) in the Progress MOVEit managed file transfer product was actively exploited shortly after disclosure.
Recommendations for CVE-2024-5275
Recommendation #1: Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends upgrading to the latest fixed version.
Fortra states that older versions of FileCatalyst Workflow (5.1.5 and earlier) that utilise the included HSQLDB must migrate to MySQL or MariaDB prior to the upgrade. Detailed migration instructions are available from Fortra.
Please follow your organisation’s patching and testing guidelines to avoid any operational impact.
| Product | Affected Version | Fixed Version |
|---|---|---|
| Fortra FileCatalyst Workflow | 5.1.6 build 135 or earlier | 5.1.6 build 139 |
Recommendation #2: Mitigation
For customers that are unable to upgrade, Fortra has provided a mitigation. Instances running a version older than v5.1.6 build 135 must first apply a patch from Fortra before the mitigation below can be applied.
Disable the Vulnerable Servlets
- Stop Tomcat Service
- Navigate to the “web.xml” file located at: <tomcat install dir>/webapps/workflow/WEB-INF/web.xml
- Backup the web.xml to a safe location before making changes
- Edit the file and comment out the servlet mapping blocks for: csv_servlet, pdf_servlet, xml_servlet, json_servlet
- Save the changes and start your Tomcat Service
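The following script, added here as an illustration and not part of Fortra's advisory or tooling, automates steps 3 and 4 above and adds the check a practitioner wants afterwards: it comments out the servlet-mapping blocks for the four named servlets, skips blocks that are already inside an XML comment so the edit is safe to run twice, and then re-parses the result to confirm no active mapping for those servlets remains. The embedded web.xml is a constructed sample (the login_servlet entry and the servlet class names are hypothetical); the real file lives at the path given in step 2.

```python
import re
import shutil
import sys
import xml.etree.ElementTree as ET

# Servlets named in Fortra's mitigation for CVE-2024-5275.
VULNERABLE_SERVLETS = {"csv_servlet", "pdf_servlet", "xml_servlet", "json_servlet"}

MAPPING_RE = re.compile(r"<servlet-mapping\b[^>]*>.*?</servlet-mapping>", re.DOTALL)
NAME_RE = re.compile(r"<servlet-name>\s*(.*?)\s*</servlet-name>", re.DOTALL)
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)

# Constructed sample web.xml; login_servlet and the class names are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>csv_servlet</servlet-name>
    <servlet-class>com.example.CsvServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>csv_servlet</servlet-name>
    <url-pattern>/csv</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>pdf_servlet</servlet-name>
    <url-pattern>/pdf</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>xml_servlet</servlet-name>
    <url-pattern>/xml</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>json_servlet</servlet-name>
    <url-pattern>/json</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>login_servlet</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>
</web-app>
"""


def disable_servlet_mappings(web_xml, names=VULNERABLE_SERVLETS):
    """Wrap each <servlet-mapping> for the given servlet names in an XML comment.

    Returns (new_text, list_of_disabled_names). Blocks already inside a comment
    are left alone, so running this twice does not produce nested comments.
    """
    comment_spans = [m.span() for m in COMMENT_RE.finditer(web_xml)]
    disabled = []

    def in_comment(pos):
        return any(start <= pos < end for start, end in comment_spans)

    def repl(match):
        block = match.group(0)
        name = NAME_RE.search(block)
        if in_comment(match.start()) or not name or name.group(1) not in names:
            return block
        disabled.append(name.group(1))
        # "--" is not permitted inside an XML comment, so neutralise it.
        safe = block.replace("--", "- -")
        return "<!-- disabled per Fortra mitigation for CVE-2024-5275\n" + safe + "\n-->"

    return MAPPING_RE.sub(repl, web_xml), disabled


def _local(tag):
    # Strip the default namespace ("{http://...}servlet-mapping" -> "servlet-mapping").
    return tag.rsplit("}", 1)[-1]


def active_servlet_mappings(web_xml):
    """Parse the file and return {servlet-name: url-pattern} for mappings still in effect.

    ElementTree drops comments while parsing, so commented-out blocks do not appear.
    """
    active = {}
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) != "servlet-mapping":
            continue
        name = pattern = None
        for child in el:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "url-pattern":
                pattern = (child.text or "").strip()
        if name:
            active[name] = pattern
    return active


def remaining_vulnerable(web_xml, names=VULNERABLE_SERVLETS):
    """Names from `names` that still have an active mapping; empty means mitigated."""
    return sorted(set(active_servlet_mappings(web_xml)) & set(names))


def disable_in_file(path):
    """Back up web.xml to web.xml.bak, apply the mitigation and verify it."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    patched, disabled = disable_servlet_mappings(original)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(patched)
    return disabled, remaining_vulnerable(patched)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(disable_in_file(sys.argv[1]))
    else:
        text, done = disable_servlet_mappings(SAMPLE_WEB_XML)
        print("disabled:", done, "still active:", remaining_vulnerable(text))
```

Run it with the path to web.xml while Tomcat is stopped; an empty "still active" list is the condition to check before starting the service again. The verification deliberately uses a real XML parser rather than a second regex so that a mapping hidden by odd whitespace or a namespace prefix is not missed.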