Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

m-files m-files web vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2021-41807
Lack of rate limiting in M-Files Server and M-Files Web products with versions prior to 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
M-files M-files ServerM-files M-files Web
NA
CVE-2023-2325
Stored XSS Vulnerability in M-Files Classic Web versions prior to 23.10 and LTS Service Release Versions prior to 23.2 LTS SR4 and 23.8 LTS SR1allows malicious user to execute script on users browser via stored HTML document.
M-files Classic Web 23.2M-files Classic Web 23.8M-files Classic Web
7.8
CVSSv2
CVE-2021-37253
M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual ...
M-files M-files Web
5
CVSSv2
CVE-2021-37254
In M-Files Web product with versions prior to 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
M-files M-files Web
NA
CVE-2023-5523
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution
M-files Web CompanionM-files Web Companion 23.8
NA
CVE-2023-5524
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution via specific file types
M-files Web CompanionM-files Web Companion 23.8
NA
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions prior to 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
M-files Classic WebM-files Classic Web 23.2
NA
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions prior to 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
M-files Classic WebM-files Classic Web 23.2
NA
CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files prior to 22.8.11691.0 allows low privilege user to change some configuration.
M-files M-files
NA
CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions prior to 22.5.11436.1 could have changed permissions accidentally.
M-files M-files Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook