Shodan
Vulnerabilities
Vulnerable Software
M-Files:  Security Vulnerabilities
CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-03-06
CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.
CVSS Score
5.0
EPSS Score
0.005
Published
2023-03-06
CVE-2022-4861
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-12-30
CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
CVSS Score
4.4
EPSS Score
0.002
Published
2022-12-30
CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-12-09
CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeĀ 22.5.11436.1 could have changed permissions accidentally.
CVSS Score
2.0
EPSS Score
0.002
Published
2022-12-02
CVE-2022-1606
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
CVSS Score
2.4
EPSS Score
0.002
Published
2022-11-30
CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-11-30
CVE-2022-39017
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
CVSS Score
8.2
EPSS Score
0.002
Published
2022-10-31
CVE-2022-39018
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
CVSS Score
8.2
EPSS Score
0.004
Published
2022-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved