Lucene search

[email protected]CVE-2021-37254

HistoryOct 28, 2021 - 2:15 p.m.

CVE-2021-37254

2021-10-2814:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-37254

m-files web

security vulnerability

remote attacker

unauthenticated access

third party component

license key

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.

CPENameOperatorVersion
m-files:m-files_webm-files m-files weblt20.10.9534.1
m-files:m-files_webm-files m-files weblt20.10.9445.0

CPE	Name	Operator	Version
m-files:m-files_web	m-files m-files web	lt	20.10.9534.1
m-files:m-files_web	m-files m-files web	lt	20.10.9445.0

References

www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/

www.m-files.com/company/trust-center/vulnerability-disclosure/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

JSON

Related for CVE-2021-37254

prion1