Lucene search

M-Files CorporationCVELIST:CVE-2021-41808

HistoryJan 18, 2022 - 4:51 p.m.

CVE-2021-41808 In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.

2022-01-1816:51:52

CWE-532

M-Files Corporation

www.cve.org

m-files server

federated authentication

sensitive information

event logs

logging

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.

CNA Affected

[
  {
    "product": "M-Files Server",
    "vendor": "M-Files",
    "versions": [
      {
        "lessThan": "21.11.10775.0",
        "status": "affected",
        "version": "Online",
        "versionType": "custom"
      },
      {
        "lessThan": "21.11.10775.0",
        "status": "affected",
        "version": "2018",
        "versionType": "custom"
      }
    ]
  }
]

References

www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-41808