Lucene search

[email protected]NVD:CVE-2021-41808

HistoryJan 18, 2022 - 5:15 p.m.

CVE-2021-41808

2022-01-1817:15:08

CWE-532

[email protected]

web.nvd.nist.gov

m-files server

version 21.11.10775.0

federated authentication

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.

Affected configurations

Nvd

Node

m-filesm-files_serverRange<21.11.10775.0

VendorProductVersionCPE
m-filesm-files_server*cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
m-files	m-files_server	*	cpe:2.3:a:m-files:m-files_server::::::::

References

www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-41808

prion1 cvelist1 cve1