Author
Robin Wyss

Summary

In May 2024, Tenable Research disclosed a critical SQL injection vulnerability in FileCatalyst Workflow. That disclosure prompted Dynatrace to investigate further, and its research uncovered a second SQL injection vulnerability, tracked as CVE-2024-6632. During the application's setup process, an authenticated user can submit form data that is not properly validated, which allows unauthorized modification of the database. This issue is less critical and harder to exploit than the earlier vulnerability, but it still poses a risk, particularly if an attacker can alter data beyond what their account is permitted to access. Dynatrace found the vulnerability with its OneAgent, which automatically detects this class of issue, and confirmed that it is still present in the versions that fixed the earlier vulnerability; users are advised to upgrade to version 5.1.7, which addresses it. The discovery was disclosed to Fortra in a coordinated process that followed an agreed timeline for communication and resolution.