CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2480 – Elevation of Privilege in M-Files Desktop Client
https://notcve.org/view.php?id=CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480 https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480 https://product.m-files.com/security-advisories/cve-2023-2480 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0213 – Local Elevation of Privilege in M-Files
https://notcve.org/view.php?id=CVE-2023-0213
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213 https://product.m-files.com/security-advisories/cve-2023-0213 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4264 – Incorrect privilege assignment in M-Files Web Server
https://notcve.org/view.php?id=CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. La asignación de privilegios incorrecta en M-Files Web (Classic) en M-Files anterior a 22.8.11691.0 permite a usuarios con privilegios bajos cambiar alguna configuración. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4264 https://product.m-files.com/security-advisories/cve-2022-4264 • CWE-269: Improper Privilege Management •