FileCatalyst Workflow 5.1.7 or later, which patches these vulnerabilities. Restrict Network Access: Use a firewall to block the HSQLDB port and limit web portal access to trusted IP addresses only. Disable Anonymous Access: If not required, disable anonymous login to significantly reduce the attack surface. Audit Logs: Regularly check for unexpected JSP files in the FileCatalyst Workflow DocumentRoot or suspicious POST requests to the
Recent threat intelligence indicates that attackers are shifting focus from generic web servers to specialized file-transfer appliances (similar to attacks seen against Accellion FTA and MoveIT). Attackers are actively scanning for exposed FileCatalyst web interfaces to exploit misconfigurations, legacy vulnerabilities, and weak authentication mechanisms to exfiltrate sensitive data. filecatalyst attackers
