Fortra this week released a patch for a critical vulnerability that was initially found in August 2023.
Tracked as CVE-2024-25153 with a critical-severity CVSS rating of 9.8, the vulnerability poses a threat to the company’s FileCatalyst file transfer product. It is a type of software that allows for “the transfer of large files over remote networks experiencing high latency or packet loss,” according to the company.
The vulnerability could allow an unauthenticated threat actor to execute arbitrary code remotely on affected servers.
“A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request,” Fortra said in its advisory. “In situations where a file is successfully uploaded to the web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.”
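The advisory describes the classic upload-traversal pattern: a client-supplied file name is joined onto the server's temporary upload directory without checking where the resulting path lands. The following is an added illustration, not code from Fortra or FileCatalyst, showing the unsafe join next to a containment check that rejects anything resolving outside the upload root. The upload root `/var/www/uploadtemp` and the sample file names are constructed for the example; they are not taken from the advisory.

```python
import os
from pathlib import Path
from typing import Dict, Optional
from urllib.parse import unquote

# Constructed sample file names, as a client might send them in the
# filename field of a multipart POST. None of these come from the advisory.
SAMPLE_NAMES = [
    "report.pdf",                     # benign, lands inside the root
    "sub/dir/file.txt",               # nested, still inside the root
    "../../webroot/shell.jsp",        # traversal out of the upload directory
    "..%2F..%2Fwebroot%2Fshell.jsp",  # same traversal, URL-encoded once
    "/etc/passwd",                    # absolute path replaces the root entirely
]


def naive_target(upload_root: str, client_name: str) -> str:
    """Unsafe pattern: decode and join the client-controlled name onto the
    upload directory, then normalise. Nothing checks where the path ends up,
    so '..' segments and absolute names escape the intended directory."""
    return os.path.normpath(os.path.join(upload_root, unquote(client_name)))


def contained_target(upload_root: str, client_name: str) -> Optional[str]:
    """Hardened variant: decode the name once (the same way the server would),
    resolve the full path including symlinks and '..' segments, and require
    that the result is strictly inside the upload root. Returns the resolved
    path, or None when the request must be rejected."""
    root = Path(upload_root).resolve()
    candidate = (root / unquote(client_name)).resolve()
    if candidate == root:
        return None  # empty or '.' names point at the directory itself
    try:
        candidate.relative_to(root)  # raises ValueError if outside root
    except ValueError:
        return None
    return str(candidate)


def classify(upload_root: str, names) -> Dict[str, str]:
    """Map each client name to 'ok' or 'rejected' under the contained check."""
    return {
        name: "ok" if contained_target(upload_root, name) else "rejected"
        for name in names
    }


if __name__ == "__main__":
    ROOT = "/var/www/uploadtemp"  # assumed location, not FileCatalyst's
    for name in SAMPLE_NAMES:
        print(f"{name!r:36} naive -> {naive_target(ROOT, name)}")
        print(f"{'':36} contained -> {contained_target(ROOT, name)}")
```

Two design points follow from the advisory. First, the containment check decodes exactly once before resolving; a doubly encoded name such as `..%252F` decodes to the literal text `..%2F` and is stored as an ordinary file name inside the root rather than being re-interpreted. Second, containment alone keeps uploads in `uploadtemp`, but the code-execution step in the advisory depends on a file landing under the servlet container's DocumentRoot, so the upload directory should also live outside any path the container will serve or compile as JSP.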
Although Fortra has been aware of the bug since it was initially reported months ago, it is issuing a CVE now at the request of the individual who reported the vulnerability in the first place.
Fortra reports that the products affected by this bug are its Fortra FileCatalyst Workflow 5.x software, and it recommends upgrading to 5.1.6 Build 114 or higher to remediate the issue.