CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6189 – Improper Permission Handling in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6189
22 Nov 2023 — Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. Las comprobaciones de permisos de acceso faltantes en el servidor M-Files anteriores a 23.11.13156.0 permiten a los atacantes realizar trabajos de escritura y exportación de datos utilizando los métodos API de M-Files. Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs ... • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6117 – M-Files REST API allows Denial of Service
https://notcve.org/view.php?id=CVE-2023-6117
22 Nov 2023 — A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks. Se detectó una posibilidad de consumo no deseado de memoria del servidor a través de las funcionalidades obsoletas en los métodos Rest API del servidor M-Files anteriores a 23.11.13156.0, lo que permite a los atacantes ejecutar ataques DoS. A possibility of unwanted server memory consumption was... • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3405 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2023-3405
27 Jun 2023 — Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2112 – Desktop component allows lateral movement between sessions
https://notcve.org/view.php?id=CVE-2023-2112
20 Apr 2023 — Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0384 – Uncontrolled Resource Consuption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0384
20 Apr 2023 — User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0383 – Uncontrolled Resource Consuption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0383
20 Apr 2023 — User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0382 – Uncontrolled Resource Consumption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0382
05 Apr 2023 — User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0382 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4862 – XSS vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2022-4862
06 Mar 2023 — Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3284 – Insecure way of passing a download key
https://notcve.org/view.php?id=CVE-2022-3284
06 Mar 2023 — Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-3284 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4858 – Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2022-4858
30 Dec 2022 — Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. La inserción de información confidencial en archivos de registro en M-Files Server antes del 22.10.11846.0 podría permitir obtener tokens confidenciales de los registros, si se establecieran configuraciones específicas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858 • CWE-532: Insertion of Sensitive Information into Log File •