Lucene search
K

295 matches found

Cvelist
Cvelist
added 2022/01/18 4:51 p.m.21 views

CVE-2021-41808 In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default...

2CVSS4AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2022/01/18 4:51 p.m.56 views

CVE-2021-41808

In M-Files Server, versions prior to 21.11.10775.0 are affected by a logging-related issue where enabling Federated authentication logging to the Windows event log could expose sensitive information. The mitigating factor is that logging is disabled by default, reducing practical exposure. The co...

2.3CVSS3.5AI score0.00246EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/18 4:51 p.m.25 views

CVE-2021-41807 Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier...

7.5CVSS9.6AI score0.01106EPSS
Exploits0References2
CVE
CVE
added 2022/01/18 4:51 p.m.69 views

CVE-2021-41807

The CVE-2021-41807 issue affects M-Files Server and M-Files Web prior to version 21.12.10873.0. Root cause: lack of rate limiting on certain user accounts enables unlimited login attempts, facilitating brute-forcing of accounts. Impact is a high-severity authentication weakness with potential for...

9.8CVSS8.7AI score0.01106EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/01/18 4:51 p.m.20 views

CVE-2021-41809 SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server.

SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...

3.5CVSS5AI score0.00556EPSS
Exploits0References2
CVE
CVE
added 2022/01/18 4:51 p.m.61 views

CVE-2021-41809

CVE-2021-41809 affects M-Files Server products prior to version 22.1.11017.1. The vulnerability arises from a preview feature that allowed the server to perform queries referencing external entities, enabling SSRF from the server. Connected sources confirm the condition and impact but do not prov...

4.3CVSS4.3AI score0.00556EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/18 8:10 a.m.5 views

CVE-2021-41808

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default...

2.3CVSS4.7AI score0.00246EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.7 views

M-Files Web 和 M-Files Server 安全漏洞

M-Files Corporation M-Files Web is an intelligent information management platform from M-Files Corporation, USA. M-Files Server is a server for the M-Files system from M-Files Corporation. A security vulnerability exists in the M-Files Server and M-Files Web products versions lower than...

9.8CVSS8.3AI score0.01106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.6 views

PT-2022-11488

Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 21.11.10775.0 Description The issue concerns the logging of Federated authentication to the event log in the M-Files Server product, where sensitive information is written to the log when this feature is enable...

2.3CVSS4.6AI score0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.11 views

PT-2022-11487

Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 21.12.10873.0 M-Files Web versions prior to 21.12.10873.0 Description The issue is related to a lack of rate limiting in certain types of user accounts, which allows for an unlimited number of attempts, making ...

9.8CVSS8.6AI score0.01106EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.4 views

M-Files Server 代码问题漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server products prior to version 22.1.11017.1, which stems from a preview feature that allows querying from the server for certain document types that reference external entities...

4.3CVSS5.1AI score0.00556EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.6 views

M-Files Server 日志信息泄露漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in versions of the M-Files Server product prior to 21.11.10775.0 that stems from logging with federated authentication enabled writing sensitive information to the event log...

2.3CVSS5AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.5 views

PT-2022-11489

Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.1.11017.1 Description The issue concerns a Server-Side Request Forgery SSRF vulnerability. It is related to a preview function in M-Files Server products that allows making queries from the server with certa...

4.3CVSS5AI score0.00556EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/01/17 10:1 p.m.2 views

CVE-2021-41809

SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities...

4.3CVSS5AI score0.00556EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/17 10:1 p.m.2 views

CVE-2021-41807

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier...

9.8CVSS8.7AI score0.01106EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder