Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

M-Files Web Security Vulnerabilities

cve
cve

CVE-2021-37253

M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application

7.5CVSS

7.4AI Score

0.059EPSS

2021-12-05 09:15 PM
46
6
cve
cve

CVE-2021-37254

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.

7.5CVSS

7.3AI Score

0.003EPSS

2021-10-28 02:15 PM
27
cve
cve

CVE-2021-41807

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.

9.8CVSS

9.3AI Score

0.003EPSS

2022-01-18 05:15 PM
44