Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials.
August 30, 2024 By Ionut Arghire
Cybersecurity solutions provider Fortra this week announced patches for two vulnerabilities in FileCatalyst Workflow, including a critical-severity flaw involving leaked credentials.
The critical issue, tracked as CVE-2024-6633 (CVSS score of 9.8), exists because the default credentials for the setup HSQL database (HSQLDB) have been published in a vendor knowledgebase article.
According to the company, HSQLDB, which has been deprecated, is included to facilitate installation and is not intended for production use. If no alternative database has been configured, however, HSQLDB may expose vulnerable FileCatalyst Workflow instances to attacks.