Fortra Releases Update on Critical Severity RCE Flaw

Published: 23/11/2024   Category: security




The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue.



Fortra this week released an update for a critical vulnerability that was initially discovered in August 2023.
Tracked as CVE-2024-25153 with a critical severity CVSS score of 9.8, the vulnerability poses a threat to the company's FileCatalyst file transfer product. It's a type of software that allows for the transfer of large files over remote networks experiencing high latency or packet loss, according to the company.
An unauthenticated threat actor who exploits the vulnerability can execute arbitrary code remotely on affected servers.
"A directory traversal within the ftpservlet of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended uploadtemp directory with a specially crafted POST request," Fortra said in its advisory. "In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."
Though Fortra has been aware of the bug since it was initially reported months ago, it is issuing a CVE now at the request of the individual who reported the vulnerability in the first place.
Fortra reports that the bug affects its Fortra FileCatalyst Workflow 5.x software, and it recommends upgrading to 5.1.6 Build 114 or higher to remediate the issue.
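
For teams reviewing their own Java upload handlers for the class of bug the advisory describes, the following added example (not Fortra's code or its fix) shows a containment check that keeps client-supplied names inside an upload directory. The class and method names, the constructed directory layout, and the extra rejection of JSP extensions are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class UploadPathCheck {
    // Hypothetical helper: resolve a client-supplied name under uploadRoot,
    // refusing anything that would land outside it.
    static Path resolveUpload(Path uploadRoot, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path root = uploadRoot.toRealPath();                 // canonical root, symlinks resolved
        Path target = root.resolve(clientName).normalize();  // collapses "." and ".." segments
        // An absolute clientName replaces root in resolve(); startsWith rejects that as well.
        if (!target.startsWith(root) || target.equals(root)) {
            throw new SecurityException("upload path escapes " + root);
        }
        // Assumption (defence in depth): uploads are data and never server-executable pages.
        String lower = target.getFileName().toString().toLowerCase();
        if (lower.endsWith(".jsp") || lower.endsWith(".jspx")) {
            throw new SecurityException("executable extension rejected");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a temporary "DocumentRoot" containing an uploadtemp directory.
        Path docRoot = Files.createTempDirectory("docroot");
        Path uploadTemp = Files.createDirectory(docRoot.resolve("uploadtemp"));
        // Constructed sample names: two benign, the rest should be refused.
        String[] names = { "report.pdf", "sub/report.pdf", "../shell.jsp",
                           "a/../../shell.jsp", "/tmp/x.txt", "notes.JSP" };
        for (String n : names) {
            try {
                System.out.println("ALLOW " + n + " -> " + resolveUpload(uploadTemp, n));
            } catch (SecurityException e) {
                System.out.println("DENY  " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the normalized path rather than on the raw string, so it does not depend on spotting particular `..` spellings. Keeping the upload directory outside the web server's DocumentRoot removes the execution step even if a write does land in the wrong place.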
