CVE-2023-6910 – Uncontrolled Resource Consumption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. Un método API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 https://product.m-files.com/security-advisories/cve-2023-6910 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-6912 – Brute force vulnerability in M-Files user authentication
https://notcve.org/view.php?id=CVE-2023-6912
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords. La falta de protección contra ataques de fuerza bruta en M-Files Server antes de 23.12.13205.0 permite a un atacante realizar intentos de autenticación ilimitados, lo que podría comprometer cuentas de usuarios de M-Files específicas al adivinar contraseñas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6912 https://product.m-files.com/security-advisories/cve-2023-6912 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-6239 – Incorrect calculation of effective permissions
https://notcve.org/view.php?id=CVE-2023-6239
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object. Los permisos efectivos calculados incorrectamente en las versiones 23.9 y 23.10 y 23.11 anteriores a 23.11.13168.7 de M-Files Server podrían producir un resultado defectuoso si un objeto usaba una configuración específica de permisos basados en metadatos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239 https://product.m-files.com/security-advisories/cve-2023-6239 • CWE-281: Improper Preservation of Permissions •
CVE-2023-6189 – Improper Permission Handling in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6189
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. Las comprobaciones de permisos de acceso faltantes en el servidor M-Files anteriores a 23.11.13156.0 permiten a los atacantes realizar trabajos de escritura y exportación de datos utilizando los métodos API de M-Files. • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189 https://product.m-files.com/security-advisories/cve-2023-6189 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVE-2023-6117 – M-Files REST API allows Denial of Service
https://notcve.org/view.php?id=CVE-2023-6117
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks. Se detectó una posibilidad de consumo no deseado de memoria del servidor a través de las funcionalidades obsoletas en los métodos Rest API del servidor M-Files anteriores a 23.11.13156.0, lo que permite a los atacantes ejecutar ataques DoS. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117 https://product.m-files.com/security-advisories/cve-2023-6117 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •