M-Files: Security Vulnerabilities
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows an unauthenticated user to consume computing resources.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2024-04-26
Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period.
CVSS Score: 7.3 | EPSS Score: 0.002 | Published: 2024-03-04
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows an anonymous user to cause denial of service against other anonymous users.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-02-23
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. An authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-12-20
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-12-20
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-11-28
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the REST API methods of the M-Files server before 23.11.13156.0, which allows attackers to execute DoS attacks.
CVSS Score: 5.7 | EPSS Score: 0.002 | Published: 2023-11-22
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-11-22
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release versions before 23.8 LTS SR1 allows remote code execution.
CVSS Score: 8.6 | EPSS Score: 0.006 | Published: 2023-10-20
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release versions before 23.8 LTS SR1 allows remote code execution via specific file types.
CVSS Score: 8.2 | EPSS Score: 0.009 | Published: 2023-10-20