CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9174 – Stored HTML Injection in Hubshare social module
https://notcve.org/view.php?id=CVE-2024-9174
02 Oct 2024 — Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI • https://product.m-files.com/security-advisories/cve-2024-9174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6789 – Path traversal in M-Files API
https://notcve.org/view.php?id=CVE-2024-6789
27 Aug 2024 — A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files Un problema de path traversal en el endpoint de API en M-Files Server anterior a la versión 24.8.13981.0 permite que un usuario autenticado lea archivos A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files A path traversal issue in API endpoint in M-Files Server b... • https://product.m-files.com/security-advisories/cve-2024-6789 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4056 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2024-4056
26 Apr 2024 — Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. La condición de denegación de servicio en M-Files Server en versiones anteriores a 24.4.13592.4 y posteriores a 23.11 (excluyendo 24.2 LTS) permite a usuarios no autenticados consumir recursos informáticos. Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthen... • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-4056 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4479 – Stored XSS Vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2023-4479
04 Mar 2024 — Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0563 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2024-0563
23 Feb 2024 — Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. La condición de denegación de servicio en M-Files Server en versiones anteriores a la 24.2 (excluyendo 23.2 SR7 y 23.8 SR5) permite a un usuario anónimo provocar una denegación de servicio contra otros usuarios anónimos. Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) all... • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6910 – Uncontrolled Resource Consumption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6910
20 Dec 2023 — A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. Un método API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6912 – Brute force vulnerability in M-Files user authentication
https://notcve.org/view.php?id=CVE-2023-6912
20 Dec 2023 — Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. La falta de protección contra ataques de fuerza bruta en M-Files Server antes de 23.12.13205.0 permite a un atacante realizar intentos de autenticación ilimitados, lo que podría comprometer cuentas de usuarios de M-Files específicas al adivinar contraseñas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6239 – Incorrect calculation of effective permissions
https://notcve.org/view.php?id=CVE-2023-6239
28 Nov 2023 — Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. Los permisos efectivos calculados incorrectamente en las versiones 23.9 y 23.10 y 23.11 anteriores a 23.11.13168.7 de M-Files Server podrían producir un resultado defectuoso si un objeto usaba una configuración espec... • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6189 – Improper Permission Handling in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6189
22 Nov 2023 — Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. Las comprobaciones de permisos de acceso faltantes en el servidor M-Files anteriores a 23.11.13156.0 permiten a los atacantes realizar trabajos de escritura y exportación de datos utilizando los métodos API de M-Files. Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs ... • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6117 – M-Files REST API allows Denial of Service
https://notcve.org/view.php?id=CVE-2023-6117
22 Nov 2023 — A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks. Se detectó una posibilidad de consumo no deseado de memoria del servidor a través de las funcionalidades obsoletas en los métodos Rest API del servidor M-Files anteriores a 23.11.13156.0, lo que permite a los atacantes ejecutar ataques DoS. A possibility of unwanted server memory consumption was... • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •