Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

FileCatalyst Workflow

Source

df4dee71-de3a-4139-9588-11b62fe6c0ff

CVE-2024-6633 details

Published : Aug. 27, 2024, 3:15 p.m.
Last Modified : Aug. 27, 2024, 3:52 p.m.

Description

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

CVSS Score

1	2	3	4	5	6	7	8	9.8	10

Weakness

Weakness	Name	Description
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Exploitability Score

3.9

Impact Score

5.9

Base Severity

CRITICAL

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL	Source
https://www.fortra.com/security/advisories/product-security/fi-2024-011	df4dee71-de3a-4139-9588-11b62fe6c0ff

This website uses the NVD API, but is not approved or certified by it.

CVE-2024-6633

Products

Source

Tags

CVE-2024-6633 details

Description

CVSS Score

Weakness

CVSS Data

Attack Vector

Attack Complexity

Privileges Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Exploitability Score

Impact Score

Base Severity

References