A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Fortra

Published: 2024-06-18T14:11:37.005Z

Updated: 2024-08-01T21:11:12.408Z

Reserved: 2024-05-23T16:28:44.181Z

Link: CVE-2024-5275

cve-icon Vulnrichment

Updated: 2024-08-01T21:11:12.408Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-18T15:15:52.493

Modified: 2024-11-21T09:47:19.983

Link: CVE-2024-5275

cve-icon Redhat

No data.