CVE-2023-2480 – Elevation of Privilege in M-Files Desktop Client
https://notcve.org/view.php?id=CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480 https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480 https://product.m-files.com/security-advisories/cve-2023-2480 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-862: Missing Authorization •
CVE-2023-2112 – Desktop component allows lateral movement between sessions
https://notcve.org/view.php?id=CVE-2023-2112
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112 https://product.m-files.com/security-advisories/cve-2023-2112 • CWE-284: Improper Access Control •
CVE-2023-0384 – Uncontrolled Resource Consuption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0384
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384 https://product.m-files.com/security-advisories/cve-2023-0384 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-0383 – Uncontrolled Resource Consuption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0383
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383 https://product.m-files.com/security-advisories/cve-2023-0383 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-0382 – Uncontrolled Resource Consumption in M-Files Server
https://notcve.org/view.php?id=CVE-2023-0382
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0382 https://product.m-files.com/security-advisories/cve-2023-0382 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •