GCVE - cpe:2.3:a:fortra:filecatalyst_direct:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fortra:filecatalyst_direct:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Fortra (`f14f6bd1-8bf2-53f9-b0d6-b2745f517ba7`)
Product	Filecatalyst Direct (`e7eb0c4b-de4d-5b86-8383-da3c74887a0d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-5275`	vulnerable	2026-06-03 14:57:52.262286	Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier) HIGH (7.8) A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the agent. This issue affects all versions of FileCatalyst Direct from 3.8.10 Build 138 and earlier and all versions of FileCatalyst Workflow from 5.1.6 Build 130 and earlier. Published: 2024-06-18T14:11:37.005Z Updated: 2024-08-01T21:11:12.408Z Open on db.gcve.eu Reference links https://www.fortra.com/security/advisory/fi-2024-007 https://support.fortra.com/filecatalyst/kb-articles/action-required-by-june-18th-2024-filecatalyst-transferagent-ssl-and-localhost-changes-MWQwYjI3ZGItZmQyMS1lZjExLTg0MGItMDAyMjQ4MGE0MDNm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25155`	vulnerable	2026-06-03 14:55:13.233326	Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier HIGH (7.2) In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag. Published: 2024-03-13T14:15:54.156Z Updated: 2024-08-01T23:36:21.639Z Open on db.gcve.eu Reference links https://www.fortra.com/security/advisory/fi-2024-003 https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25154`	vulnerable	2026-06-03 14:55:13.231813	Path Traversal in FileCatalyst Direct 3.8.8 and Earlier MEDIUM (5.3) Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. Published: 2024-03-13T14:13:56.214Z Updated: 2024-08-12T18:55:44.054Z Open on db.gcve.eu Reference links https://www.fortra.com/security/advisory/fi-2024-003 https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.