Vulnerability Details CVE-2024-25153
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.803
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-25153
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0.1
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0.2
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0.3
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0.4
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.0.5
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.1
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.2
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.3
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.4
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.5
-
cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6