10 matches found
CVE-2025-46295
The IBM Operations Analytics - Log Analysis bulletin documents CVE-2025-46295 as impacting IBM Operations Analytics - Log Analysis versions 1.3.7.0, 1.3.7.1, and 1.3.7.2. The underlying issue is the same Apache Commons Text interpolation vulnerability (prior to 1.10.0) that can be triggered when ...
CVE-2024-27794
CVE-2024-27794 affects Claris FileMaker Server versions prior to 20.3.2. The issue is a reflected Cross-Site Scripting vulnerability caused by an improperly handled parameter in the FileMaker WebDirect login endpoint. The impact is a potential XSS via the login flow; the fix is to upgrade to File...
CVE-2023-42954
CVE-2023-42954 describes a privilege-escalation vulnerability in FileMaker Server prior to 20.3.1. When signed in to the Admin Console with an administrator role, an attacker could potentially access more sensitive information via front-end websites. The issue is mitigated by the 20.3.1 update, w...
CVE-2021-44147
CVE-2021-44147 affects Claris FileMaker Pro and Server (including WebDirect). The vulnerability is an XML External Entity (XXE) issue in which a crafted XML/Excel document can disclose local files and enable server-side request forgery. Impact: local file disclosure and SSRF capabilities as descr...
CVE-2023-42955
CVE-2023-42955 concerns FileMaker Server prior to 20.3.1, where passwords for the Admin Role could be exposed to front-end websites via the Node.js socket while signed in to the Admin Console with an administrator role. The issue has been fixed in FileMaker Server 20.3.1 by eliminating the sendin...
CVE-2024-27790
CVE-2024-27790 affects Claris FileMaker Server: an issue that could allow unauthorized access to records stored in databases hosted on the server. The root cause is addressed by validating transactions before replying to client requests, and a fix is available in FileMaker Server 20.3.2. Affected...
CVE-2025-46294
The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...
CVE-2026-43752
The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...
CVE-2025-46296
CVE-2025-46296 describes an authorization bypass in the FileMaker Server Admin Console that let administrator roles with minimal privileges access administrative features (e.g., viewing license details and downloading application logs). The root cause is insufficient privilege checks as stated in...
CVE-2025-46320
CVE-2025-46320 describes a cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage that could lead to unauthorized access and remote code execution. The issue has been patched in FileMaker Server releases 22.0.4 and 21.1.7. Affected component is the WebDirect custom home...