CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4862 – XSS vulnerability in M-Files Web
https://notcve.org/view.php?id=CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4862 https://product.m-files.com/security-advisories/cve-2022-4862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3284 – Insecure way of passing a download key
https://notcve.org/view.php?id=CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-3284 https://product.m-files.com/security-advisories/cve-2022-3284 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4858 – Insertion of Sensitive Information into Log File
https://notcve.org/view.php?id=CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. La inserción de información confidencial en archivos de registro en M-Files Server antes del 22.10.11846.0 podría permitir obtener tokens confidenciales de los registros, si se establecieran configuraciones específicas. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858 https://product.m-files.com/security-advisories/cve-2022-4858 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4270 – Incorrect privilege assignment in M-Files Web Server
https://notcve.org/view.php?id=CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. Un problema de asignación de privilegios incorrectos en M-Files Web en versiones de M-Files Web anteriores a la 22.5.11436.1 podría haber cambiado los permisos accidentalmente. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4270 https://product.m-files.com/security-advisories/cve-2022-4270 • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1911 – Information disclosure in M-Files Server
https://notcve.org/view.php?id=CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. Un error en la función del analizador en las versiones de M-Files Server anteriores a 22.6.11534.1 y anteriores a 22.6.11505.0 permitía el acceso no autenticado a cierta información del sistema operativo subyacente. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-1911 https://product.m-files.com/security-advisories/cve-2022-1911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •