Lucene search
+L
ClarisFilemaker Server

10 matches found

CVE
CVE
added 2025/12/16 6:7 p.m.456 views

CVE-2025-46295

The IBM Operations Analytics - Log Analysis bulletin documents CVE-2025-46295 as impacting IBM Operations Analytics - Log Analysis versions 1.3.7.0, 1.3.7.1, and 1.3.7.2. The underlying issue is the same Apache Commons Text interpolation vulnerability (prior to 1.10.0) that can be triggered when ...

9.8CVSS7.8AI score0.00936EPSS
CVE
CVE
added 2024/04/15 10:16 p.m.74 views

CVE-2024-27794

CVE-2024-27794 affects Claris FileMaker Server versions prior to 20.3.2. The issue is a reflected Cross-Site Scripting vulnerability caused by an improperly handled parameter in the FileMaker WebDirect login endpoint. The impact is a potential XSS via the login flow; the fix is to upgrade to File...

6.1CVSS6.1AI score0.00308EPSS
CVE
CVE
added 2024/03/21 10:24 p.m.71 views

CVE-2023-42954

CVE-2023-42954 describes a privilege-escalation vulnerability in FileMaker Server prior to 20.3.1. When signed in to the Admin Console with an administrator role, an attacker could potentially access more sensitive information via front-end websites. The issue is mitigated by the 20.3.1 update, w...

6.5CVSS6.6AI score0.00447EPSS
CVE
CVE
added 2021/11/22 9:26 p.m.65 views

CVE-2021-44147

CVE-2021-44147 affects Claris FileMaker Pro and Server (including WebDirect). The vulnerability is an XML External Entity (XXE) issue in which a crafted XML/Excel document can disclose local files and enable server-side request forgery. Impact: local file disclosure and SSRF capabilities as descr...

5.5CVSS5.4AI score0.01134EPSS
CVE
CVE
added 2024/04/26 3:33 p.m.48 views

CVE-2023-42955

CVE-2023-42955 concerns FileMaker Server prior to 20.3.1, where passwords for the Admin Role could be exposed to front-end websites via the Node.js socket while signed in to the Admin Console with an administrator role. The issue has been fixed in FileMaker Server 20.3.1 by eliminating the sendin...

6.1CVSS6.7AI score0.0045EPSS
CVE
CVE
added 2024/04/26 3:33 p.m.45 views

CVE-2024-27790

CVE-2024-27790 affects Claris FileMaker Server: an issue that could allow unauthorized access to records stored in databases hosted on the server. The root cause is addressed by validating transactions before replying to client requests, and a fix is available in FileMaker Server 20.3.2. Affected...

7.5CVSS6.5AI score0.00462EPSS
CVE
CVE
added 2025/12/16 6:7 p.m.21 views

CVE-2025-46294

The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...

5.3CVSS6.3AI score0.00205EPSS
CVE
CVE
added 2026/07/09 5:19 p.m.17 views

CVE-2026-43752

The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...

4.9CVSS6.4AI score0.00289EPSS
CVE
CVE
added 2025/12/16 6:7 p.m.16 views

CVE-2025-46296

CVE-2025-46296 describes an authorization bypass in the FileMaker Server Admin Console that let administrator roles with minimal privileges access administrative features (e.g., viewing license details and downloading application logs). The root cause is insufficient privilege checks as stated in...

5.4CVSS6.5AI score0.00148EPSS
CVE
CVE
added 2026/02/24 8:30 p.m.16 views

CVE-2025-46320

CVE-2025-46320 describes a cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage that could lead to unauthorized access and remote code execution. The issue has been patched in FileMaker Server releases 22.0.4 and 21.1.7. Affected component is the WebDirect custom home...

6.1CVSS5.6AI score0.00219EPSS