1. Home
  2. CVE Database
  3. CVE-2024-6633
CRITICAL · 9.8

CVE-2024-6633

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confid...

Vulnerability Description

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
FortraFilecatalyst Workflow>= 5.0.4, < 5.1.7

Related Weaknesses (CWE)

CWE-798CWE-200

References

FAQ

What is CVE-2024-6633?

CVE-2024-6633 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confid...

How severe is CVE-2024-6633?

CVE-2024-6633 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-6633?

Check the references section above for vendor advisories and patch information. Affected products include: Fortra Filecatalyst Workflow.