Fortra® Security & Trust Center

Emerging Threats

MOVEit Transfer Improper Authentication

Wed, 06/26/2024
Fortra is actively researching an improper authentication vulnerability in MOVEit Transfer – CVE-2024-5806. This vulnerability in the SFTP Module of Progress MOVEit Transfer can lead to authentication bypass. Customers can upgrade to a patched release to mitigate this vulnerability.
Security Advisory

SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)

Tue, 06/25/2024
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access...
FI-2024-008
Critical
CVE-2024-5276
Security Advisory

Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)

Tue, 06/18/2024
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all...
FI-2024-007
High
CVE-2024-5275
Security Advisory

Improper Authentication in Tripwire Enterprise 9.1 APIs

Mon, 06/03/2024
An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, and Groups" feature is enabled. This vulnerability allows unauthenticated attackers to bypass authentication if a valid username is known....
FI-2024-006
Critical
CVE-2024-4332
Blog

Patch Tuesday Update May 2024

By Tyler Reguly on Wed, 05/15/2024
This month everyone is going to be talking about CVE-2024-30051 since it is known that it is being used in QakBot and other malware. This is an update that should be applied as soon as possible given the nature of the vulnerability and the fact that real world exploitation has been confirmed.
Emerging Threats

ArcaneDoor - Cisco Vulnerabilities

Fri, 04/26/2024
Fortra is actively investigating an attack campaign dubbed “ArcaneDoor” against Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) software. The campaign has been used to implant malware, execute commands, and potentially exfiltrate data. While the initial attack vector has not yet been identified, Cisco has identified three vulnerabilities impacting these devices, two of which have been used within the attack. CVE-2024-20353 CVE-2024-20358 CVE-2024-20359 All three vulnerabilities have been patched as part of the Cisco Threat Response.
Emerging Threats

OS Command Injection Vulnerability in GlobalProtect Gateway

Fri, 04/12/2024
Fortra is investigating a command injection vulnerability in the GlobalProtect Gateway in Palo Alto PAN-OS – CVE-2024-3400. The command injection allows an unauthenticated attacker to execute code on the device with root privileges. The vendor has announced mitigations for this vulnerability and is actively working on patches that are scheduled to be released on 04/14/2024.
Security Advisory

Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04

Thu, 03/28/2024
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
FI-2024-005
Critical
CVE-2024-0259