Vulnerability Details CVE-2024-10127
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.9%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-10127
-
cpe:2.3:a:m-files:m-files_server:-
-
cpe:2.3:a:m-files:m-files_server:23.11.13168.6
-
cpe:2.3:a:m-files:m-files_server:23.2.12340.6
-
cpe:2.3:a:m-files:m-files_server:23.8.12892.17
-
cpe:2.3:a:m-files:m-files_server:23.8.12892.23
-
cpe:2.3:a:m-files:m-files_server:23.8.12892.6
-
cpe:2.3:a:m-files:m-files_server:24.2.13421.11
-
cpe:2.3:a:m-files:m-files_server:24.2.13421.15
-
cpe:2.3:a:m-files:m-files_server:24.2.13421.17
-
cpe:2.3:a:m-files:m-files_server:24.2.13421.8
-
cpe:2.3:a:m-files:m-files_server:24.4.13592
-
cpe:2.3:a:m-files:m-files_server:24.8.13981.0
-
cpe:2.3:a:m-files:m-files_server:24.8.13981.11
-
cpe:2.3:a:m-files:m-files_server:24.8.13981.4
-
cpe:2.3:a:m-files:m-files_server:24.8.13981.8
-
cpe:2.3:a:m-files:m-files_server:24.9.14055.3