Fortra Filecatalyst Workflow
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Fortra Filecatalyst Workflow.
By the Year
In 2026 there have been 0 vulnerabilities in Fortra Filecatalyst Workflow. Filecatalyst Workflow did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 8.98 |
It may take a day or so for new Filecatalyst Workflow vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fortra Filecatalyst Workflow Security Vulnerabilities
FileCatalyst Workflow HSQLDB Default Credentials Exposure
CVE-2024-6633
9.8 - Critical
- August 27, 2024
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.
Use of Hard-coded Credentials
FileCatalyst Workflow SQLi via Super Admin Field
CVE-2024-6632
7.2 - High
- August 27, 2024
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.
SQL Injection
SQL Injection in Fortra FileCatalyst Workflow <=5.1.6 Build 135
CVE-2024-5276
9.1 - Critical
- June 25, 2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
SQL Injection
FileCatalyst Workflow: FTP Servlet Dir Traversal Enables Arbitrary File Uploads
CVE-2024-25153
9.8 - Critical
- March 13, 2024
A directory traversal within the ftpservlet of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended uploadtemp directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portals DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
Assumed-Immutable Parameter Tampering
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fortra Filecatalyst Workflow or by Fortra? Click the Watch button to subscribe.
