VYPR

Workflow

by FileCatalyst

CVEs (6)

  • CVE-2024-25153CriMar 13, 2024
    risk 0.67cvss 9.8epss 0.42

    A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s…

  • CVE-2024-6633CriAug 27, 2024
    risk 0.64cvss 9.8epss 0.01

    The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only…

  • CVE-2024-5275HigJun 18, 2024
    risk 0.51cvss 7.8epss 0.00

    A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack…

  • CVE-2024-6632HigAug 27, 2024
    risk 0.47cvss 7.2epss 0.01

    A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

  • CVE-2024-25155HigMar 13, 2024
    risk 0.47cvss 7.2epss 0.00

    In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script…

  • CVE-2024-25154MedMar 13, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.