Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

M-Files Server Security Vulnerabilities - 2023

cve
cve

CVE-2022-3284

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.This issue affects M-Files New Web: before 22.11.12011.0.

7.5CVSS

7.5AI Score

0.002EPSS

2023-03-06 11:15 AM
26
cve
cve

CVE-2022-4862

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.

7.6CVSS

5.9AI Score

0.001EPSS

2023-03-06 11:15 AM
30
cve
cve

CVE-2023-0382

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

6.5CVSS

6.4AI Score

0.001EPSS

2023-04-05 07:15 AM
33
cve
cve

CVE-2023-0383

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

7.5CVSS

7.5AI Score

0.001EPSS

2023-04-20 09:15 AM
43
cve
cve

CVE-2023-0384

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.

7.5CVSS

6.8AI Score

0.001EPSS

2023-04-20 09:15 AM
42
cve
cve

CVE-2023-2112

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

7.8CVSS

5.6AI Score

0.0004EPSS

2023-04-20 09:15 AM
40
cve
cve

CVE-2023-3405

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service

7.5CVSS

7.3AI Score

0.001EPSS

2023-06-27 03:15 PM
20
cve
cve

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.

7.5CVSS

7.6AI Score

0.0005EPSS

2023-11-22 10:15 AM
51
cve
cve

CVE-2023-6189

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.

5.3CVSS

4.9AI Score

0.0005EPSS

2023-11-22 10:15 AM
49
cve
cve

CVE-2023-6239

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

8.8CVSS

6.9AI Score

0.001EPSS

2023-11-28 02:15 PM
22
cve
cve

CVE-2023-6910

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

6.5CVSS

6.4AI Score

0.0004EPSS

2023-12-20 10:15 AM
34
cve
cve

CVE-2023-6912

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.

9.8CVSS

8.8AI Score

0.001EPSS

2023-12-20 10:15 AM
21