7.8
CVE-2024-5275
- EPSS 0.05%
- Published 18.06.2024 15:15:52
- Last modified 21.11.2024 09:47:19
- Source df4dee71-de3a-4139-9588-11b62f
The FileCatalyst TransferAgent contains a hard-coded password that can be used to unlock the keystore, from which contents may be read out, for example, the private key for certificates. Exploitation of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
Linked by AI from unstructured data to existing NVD CPEs
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)

| Vendor | Product | Default status | Version < | Version | Status |
|---|---|---|---|---|---|
| fortra | filecatalyst_direct | unaffected | 3.8.10 | 3.7 | affected |
| fortra | filecatalyst_workflow | unaffected | 5.1.6 | 4.9.8 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.148 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| df4dee71-de3a-4139-9588-11b62fe6c0ff | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-259 Use of Hard-coded Password
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.