CVE-2024-5275

HIGH

FileCatalyst <3.8.10-5.1.6 - Info Disclosure

Title source: llm

Description

The FileCatalyst TransferAgent contains a hard-coded password that can be used to unlock the keystore, from which contents such as the private key for certificates may be read out. Exploitation of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow 5.1.6 Build 130 and earlier.

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 14.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-259
Status published
Products (2)
Fortra/FileCatalyst Direct 3.7 - 3.8.10.138
Fortra/FileCatalyst Workflow 4.9.8 - 5.1.6.130
Published Jun 18, 2024
Tracked Since Feb 18, 2026