← Voltar para CVEs
CVE-2024-6633
CRITICAL9.8
Descricao
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/27/2024
Ultima modificacao8/29/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
fortra:filecatalyst_workflow
Fraquezas (CWE)
CWE-200CWE-798CWE-798
Referencias
https://www.fortra.com/security/advisories/product-security/fi-2024-011(df4dee71-de3a-4139-9588-11b62fe6c0ff)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.