CVE-2022-4858 – Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. La inserción de información confidencial en archivos de registro en M-Files Server antes del 22.10.11846.0 podría permitir obtener tokens confidenciales de los registros, si se establecieran configuraciones específicas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858 https://product.m-files.com/security-advisories/cve-2022-4858 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-4270 – Incorrect privilege assignment in M-Files Web Server
https://notcve.org/view.php?id=CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. Un problema de asignación de privilegios incorrectos en M-Files Web en versiones de M-Files Web anteriores a la 22.5.11436.1 podría haber cambiado los permisos accidentalmente. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4270 https://product.m-files.com/security-advisories/cve-2022-4270 • CWE-269: Improper Privilege Management •
CVE-2022-1911 – Information disclosure in M-Files Server
https://notcve.org/view.php?id=CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. Un error en la función del analizador en las versiones de M-Files Server anteriores a 22.6.11534.1 y anteriores a 22.6.11505.0 permitía el acceso no autenticado a cierta información del sistema operativo subyacente. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-1911 https://product.m-files.com/security-advisories/cve-2022-1911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-1606 – Incorrect privilege assignment in M-Files Server
https://notcve.org/view.php?id=CVE-2022-1606
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. La asignación de privilegios incorrecta en las versiones de M-Files Server en versiones anteriores a 22.3.11164.0 y versiones anteriores a 22.3.11237.1 permite al usuario leer objetos no administrados. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-1606 https://product.m-files.com/security-advisories/cve-2022-1606 • CWE-269: Improper Privilege Management •
CVE-2021-41808 – In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.
https://notcve.org/view.php?id=CVE-2021-41808
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default. En el producto M-Files Server con versiones anteriores a 21.11.10775.0, al habilitar el registro de la autenticación federada en el registro de eventos escribía información confidencial en el registro. Los factores atenuantes son que el registro está deshabilitado por fallo • https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808 • CWE-532: Insertion of Sensitive Information into Log File •