295 matches found
CVE-2021-41808 In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default...
CVE-2021-41808
In M-Files Server, versions prior to 21.11.10775.0 are affected by a logging-related issue where enabling Federated authentication logging to the Windows event log could expose sensitive information. The mitigating factor is that logging is disabled by default, reducing practical exposure. The co...
CVE-2021-41807 Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier...
CVE-2021-41807
The CVE-2021-41807 issue affects M-Files Server and M-Files Web prior to version 21.12.10873.0. Root cause: lack of rate limiting on certain user accounts enables unlimited login attempts, facilitating brute-forcing of accounts. Impact is a high-severity authentication weakness with potential for...
CVE-2021-41809 SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server.
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...
CVE-2021-41809
CVE-2021-41809 affects M-Files Server products prior to version 22.1.11017.1. The vulnerability arises from a preview feature that allowed the server to perform queries referencing external entities, enabling SSRF from the server. Connected sources confirm the condition and impact but do not prov...
CVE-2021-41808
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default...
M-Files Web 和 M-Files Server 安全漏洞
M-Files Corporation M-Files Web is an intelligent information management platform from M-Files Corporation, USA. M-Files Server is a server for the M-Files system from M-Files Corporation. A security vulnerability exists in the M-Files Server and M-Files Web products versions lower than...
PT-2022-11488
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 21.11.10775.0 Description The issue concerns the logging of Federated authentication to the event log in the M-Files Server product, where sensitive information is written to the log when this feature is enable...
PT-2022-11487
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 21.12.10873.0 M-Files Web versions prior to 21.12.10873.0 Description The issue is related to a lack of rate limiting in certain types of user accounts, which allows for an unlimited number of attempts, making ...
M-Files Server 代码问题漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server products prior to version 22.1.11017.1, which stems from a preview feature that allows querying from the server for certain document types that reference external entities...
M-Files Server 日志信息泄露漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in versions of the M-Files Server product prior to 21.11.10775.0 that stems from logging with federated authentication enabled writing sensitive information to the event log...
PT-2022-11489
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.1.11017.1 Description The issue concerns a Server-Side Request Forgery SSRF vulnerability. It is related to a preview function in M-Files Server products that allows making queries from the server with certa...
CVE-2021-41809
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...
CVE-2021-41807
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier...