CVE-2024-6633

EPSS 1.44%
Veröffentlicht 27.08.2024 15:15:17
Zuletzt bearbeitet 29.08.2025 21:15:35
Quelle df4dee71-de3a-4139-9588-11b62f
CVE-Watchlists
Login
Unerledigt
Login

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software.

The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortra ≫ Filecatalyst Workflow Version >= 5.0.4 < 5.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.44%	0.803

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
df4dee71-de3a-4139-9588-11b62fe6c0ff	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.fortra.com/security/advisories/product-security/fi-2024-011

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-6633

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6633

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6633

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6633