M-Files: Security Vulnerabilities
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
CVSS Score
3.6
EPSS Score
0.0
Published
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption for a scheduled job.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-20
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1
due to uncontrolled memory consumption.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-05
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
CVSS Score
8.8
EPSS Score
0.0
Published
2023-03-29
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.
This issue affects M-Files New Web: before 22.11.12011.0.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-03-06
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.
This issue affects M-Files New Web: before 22.12.12140.3.
CVSS Score
5.0
EPSS Score
0.003
Published
2023-03-06
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-30
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-12-30
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-09