M-files Server Security Vulnerabilities and Issues — M-files Server CVE List

Lucene search

M-filesM-files Server

12 matches found

CVE•added 2023/11/22 10:15 a.m.•71 views

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.

7.5CVSS6.5AI score0.0014EPSS

CVE•added 2023/11/22 10:15 a.m.•68 views

CVE-2023-6189

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.

5.3CVSS4.9AI score0.00085EPSS

CVE•added 2023/04/20 9:15 a.m.•54 views

CVE-2023-0384

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.

7.5CVSS6.6AI score0.0009EPSS

CVE•added 2023/04/20 9:15 a.m.•53 views

CVE-2023-0383

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

7.5CVSS7.4AI score0.00069EPSS

CVE•added 2023/04/20 9:15 a.m.•53 views

CVE-2023-2112

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

7.8CVSS5AI score0.00036EPSS

CVE•added 2023/03/06 11:15 a.m.•52 views

CVE-2022-4862

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.

7.6CVSS5.7AI score0.00297EPSS

CVE•added 2023/12/20 10:15 a.m.•48 views

CVE-2023-6912

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.

9.8CVSS8.8AI score0.00101EPSS

CVE•added 2023/12/20 10:15 a.m.•47 views

CVE-2023-6910

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

6.5CVSS6.4AI score0.00071EPSS

CVE•added 2023/04/05 7:15 a.m.•42 views

CVE-2023-0382

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

6.5CVSS6.4AI score0.00058EPSS

CVE•added 2023/03/06 11:15 a.m.•37 views

CVE-2022-3284

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.This issue affects M-Files New Web: before 22.11.12011.0.

7.5CVSS6.7AI score0.00281EPSS

CVE•added 2023/11/28 2:15 p.m.•34 views

CVE-2023-6239

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

8.8CVSS6.9AI score0.0005EPSS

CVE•added 2023/06/27 3:15 p.m.•33 views

CVE-2023-3405

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service

7.5CVSS7.4AI score0.00218EPSS