App database tampering likely with critical Fortra FileCatalyst Workflow bug

Both authenticated and unauthenticated users could exploit the vulnerability, which affects FileCatalyst Workflow versions 5.1.6 Build 135 and earlier, although unauthenticated users can do so only when anonymous access is enabled within the Workflow system, Fortra said in an advisory. Immediate implementation of an issued update was urged, but Fortra noted that several impacted servlets within the Apache Tomcat installation directory’s “web.xml”

Source: SC Magazine
