Vulmon
m-files m-files web vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-41807
Lack of rate limiting in M-Files Server and M-Files Web products with versions prior to 21.12.10873.0 in certain types of user accounts allows an unlimited number of attempts and therefore makes brute-forcing login accounts easier.
M-files M-files Server
M-files M-files Web
7.8
CVSSv3
CVE-2023-5523
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution.
M-files Web Companion
M-files Web Companion 23.8
7.6
CVSSv3
CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in the browser on M-Files Web prior to 22.12.12140.3. This allows the content to steal sensitive user information. This issue affects M-Files New Web: prior to 22.12.12140.3.
M-files M-files Server
7.5
CVSSv3
CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files prior to 22.11.12011.0. This issue affects M-Files New Web: prior to 22.11.12011.0.
M-files M-files Server
7.5
CVSSv3
CVE-2021-37253
M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual ...
M-files M-files Web
7.5
CVSSv3
CVE-2021-37254
In the M-Files Web product with versions prior to 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on the server.
M-files M-files Web
7.3
CVSSv3
CVE-2023-5524
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions prior to 23.8 LTS SR1 allows Remote Code Execution via specific file types.
M-files Web Companion
M-files Web Companion 23.8
6.5
CVSSv3
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions prior to 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server.
M-files Classic Web
M-files Classic Web 23.2
5.4
CVSSv3
CVE-2023-2325
Stored XSS vulnerability in M-Files Classic Web versions prior to 23.10 and LTS Service Release Versions prior to 23.2 LTS SR4 and 23.8 LTS SR1 allows a malicious user to execute script in a user's browser via a stored HTML document.
M-files Classic Web 23.2
M-files Classic Web 23.8
M-files Classic Web
5.3
CVSSv3
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions prior to 23.2 LTS SR3 allows an unauthenticated user to read a restricted amount of bytes from memory.
M-files Classic Web
M-files Classic Web 23.2