Filecatalyst+leak [patched] Online

| Monitoring Layer | Status Pre‑Incident | Gap | |------------------|--------------------|-----| | | No automated inventory of S3 bucket ACLs. | Missed public‑read flag. | | Data‑loss‑prevention (DLP) | DLP policies applied only to on‑prem file shares. | No coverage for cloud staging. | | FileCatalyst logs | Logs recorded transfer events, not bucket policies. | No alert for insecure configuration. | | Third‑party security tools | No active Amazon Macie or AWS Config rules. | Missed classification of sensitive data in public bucket. |

In 2024 and early 2025, several high-severity vulnerabilities were identified in the FileCatalyst Workflow and Direct components. These issues are significant because MFT solutions often handle a "treasure trove" of high-value data, making them prime targets for extortion and corporate espionage. CVE-2024-6633: Fortra FileCatalyst Workflow Disclosure Flaw filecatalyst+leak

A high-severity issue where fields accessible to super admins can be exploited for SQL injection, leading to a loss of data confidentiality and integrity. Potential Impact | Monitoring Layer | Status Pre‑Incident | Gap

ftpservlet component allows unauthenticated attackers to upload malicious files outside intended directories. By uploading a JSP web shell to the server's root, an attacker can execute arbitrary commands and potentially exfiltrate files. SQL Injection (CVE-2024-5276): A critical vulnerability (CVSS 9.8) that allows attackers to modify or delete application database data and create administrative users without authentication if anonymous access is enabled. Hardcoded Credentials (CVE-2024-6633): Disclosed in late 2024, this flaw involves default credentials for the HSQL database being published in vendor documentation. Attackers can use these to connect remotely to the database, steal data, or create admin accounts. Administrative SQL Injection (CVE-2024-6632): A high-severity flaw (CVSS 7.2) that allows an authenticated user to perform SQL injection during the setup process, potentially leading to unauthorized database modifications. Broader Context: The Fortra Data Breach Settlement The concern regarding "leaks" in Fortra products is heavily influenced by the | No coverage for cloud staging

The incident highlights the risks that arise when high‑performance data‑transfer platforms are integrated into complex enterprise environments, especially when cloud‑native storage and automation tools are used without rigorous access‑control hygiene.

A critical vulnerability (CVSS 9.8) that allows unauthenticated attackers to modify or delete database data. It can be used to create administrative accounts to gain full control over the file transfer portal.