A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Fortra
Published: 2024-06-18T14:11:37.005Z
Updated: 2024-08-01T21:11:12.408Z
Reserved: 2024-05-23T16:28:44.181Z
Link: CVE-2024-5275
Vulnrichment
Updated: 2024-08-01T21:11:12.408Z
NVD
Status : Awaiting Analysis
Published: 2024-06-18T15:15:52.493
Modified: 2024-11-21T09:47:19.983
Link: CVE-2024-5275
Redhat
No data.