M-files CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (28 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-1911	1 M-files	1 M-files Server	2024-11-21	5.3 Medium
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
CVE-2022-1606	1 M-files	1 M-files Server	2024-11-21	2.4 Low
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
CVE-2021-41809	1 M-files	1 M-files Server	2024-11-21	3.5 Low
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.
CVE-2021-41808	1 M-files	1 M-files Server	2024-11-21	2 Low
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
CVE-2021-41807	1 M-files	2 M-files Server, M-files Web	2024-11-21	7.5 High
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
CVE-2021-37254	1 M-files	1 M-files Web	2024-11-21	7.5 High
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
CVE-2021-37253	1 M-files	1 M-files Web	2024-11-21	7.5 High
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application
CVE-2024-6789	1 M-files	1 M-files Server	2024-09-16	6.5 Medium
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

« first previous Page 2 of 2.