Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
m-files m-files server vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2021-37253
M-Files Web prior to 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual ...
M-files M-files Web
NA
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions prior to 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
M-files Classic Web
M-files Classic Web 23.2
NA
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions prior to 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
M-files Classic Web
M-files Classic Web 23.2
3.5
CVSSv2
CVE-2021-41810
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable
M-files Server
NA
CVE-2022-39019
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare prior to 3.3.11.3 allows unauthenticated malicious users to upload malicious files to the application server.
M-files Hubshare
NA
CVE-2024-4056
Denial of service condition in M-Files Server in versions prior to 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
NA
CVE-2024-0563
Denial of service condition in M-Files Server in versions prior to 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3