Fortra Releases Update on Critical Severity RCE Flaw
The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue.
Fortra this week released an update for a critical vulnerability that was initially discovered in August 2023.
Tracked as CVE-2024-25153 with a critical severity CVSS score of 9.8, the vulnerability poses a threat to the company's FileCatalyst file transfer product. It's a type of software that allows for "the transfer of large files over remote networks experiencing high latency or packet loss," according to the company.
Successful exploitation allows an unauthenticated threat actor to execute arbitrary code remotely on affected servers.
"A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request," Fortra said in its advisory. "In situations where a file is successfully uploaded to the web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."
Though Fortra has been aware of the bug since it was initially reported months ago, it is issuing a CVE now at the request of the individual who reported the vulnerability in the first place.
Fortra reports that the affected product is Fortra FileCatalyst Workflow 5.x, and it recommends upgrading to version 5.1.6 Build 114 or higher to remediate the issue.
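The advisory describes two conditions an upload handler can refuse before writing anything to disk: a client-controlled name that escapes the intended 'uploadtemp' directory, and a server-executable file type (JSP) landing where the web server will run it. The following is an added example in Python and is not code from Fortra or FileCatalyst (which is a Java product); the upload root path and the suffix allowlist are assumptions chosen for the illustration.

```python
from pathlib import Path
from urllib.parse import unquote

# Assumed upload location and allowlist for this example; not FileCatalyst's real settings.
UPLOAD_ROOT = "/var/app/uploadtemp"
ALLOWED_SUFFIXES = {".txt", ".pdf", ".zip"}


class UnsafeUpload(ValueError):
    """Raised when a client-supplied file name must not be written to disk."""


def resolve_upload_target(client_name: str, upload_root: str = UPLOAD_ROOT) -> str:
    """Map a client-supplied file name to an absolute destination inside upload_root.

    Raises UnsafeUpload if the name is not a plain file name, would land outside
    the root, or carries a suffix the web server might execute (e.g. .jsp).
    """
    root = Path(upload_root).resolve()
    # Percent-decode twice so encoded or double-encoded '..' and '/' are inspected
    # in decoded form instead of slipping past the checks below.
    decoded = unquote(unquote(client_name))
    # Only a bare file name is accepted: no separators, no NUL bytes.
    if "\x00" in decoded or "/" in decoded or "\\" in decoded:
        raise UnsafeUpload(f"path components not allowed: {client_name!r}")
    if decoded in ("", ".", ".."):
        raise UnsafeUpload(f"invalid file name: {client_name!r}")
    # Deny by default on type: server-side templates never enter the upload root.
    if Path(decoded).suffix.lower() not in ALLOWED_SUFFIXES:
        raise UnsafeUpload(f"disallowed file type: {client_name!r}")
    # Canonicalise the candidate (following symlinks) and require its parent to be
    # exactly the upload root; anything else means the name escaped the directory.
    candidate = (root / decoded).resolve()
    if candidate.parent != root:
        raise UnsafeUpload(f"escapes upload root: {client_name!r}")
    return str(candidate)


def is_safe_upload(client_name: str, upload_root: str = UPLOAD_ROOT) -> bool:
    """Boolean wrapper for callers that only need an accept/reject decision."""
    try:
        resolve_upload_target(client_name, upload_root)
        return True
    except UnsafeUpload:
        return False


if __name__ == "__main__":
    # Constructed sample names: one benign, the rest variations on traversal or type abuse.
    for name in ("report.pdf", "../../docroot/test.jsp", "..%2F..%2Fnotes.txt",
                 "%252e%252e%252fnotes.txt", "shell.jsp", "notes%00.jsp.txt", ""):
        print(f"{name!r:32} -> {'accept' if is_safe_upload(name) else 'reject'}")
```

The same containment check belongs wherever a client name is turned into a server path; the allowlist is what keeps a traversal-free upload from still being an executable file under the document root.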