CVE-2023-3406 – Path traversal issue in M-Files Classic Web
https://notcve.org/view.php?id=CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server.
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406
• https://product.m-files.com/security-advisories/cve-2023-3406
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-3425 – CVE-2023-3425: Out-of-Bounds memory read
https://notcve.org/view.php?id=CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows an unauthenticated user to read a restricted amount of bytes from memory.
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425
• https://product.m-files.com/security-advisories/cve-2023-3425
• CWE-125: Out-of-bounds Read
CVE-2023-3405 – Denial of service condition in M-Files Server
https://notcve.org/view.php?id=CVE-2023-3405
Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service.
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405-denial-of-service-in-m-files-server
• https://product.m-files.com/security-advisories/cve-2023-3405
• CWE-248: Uncaught Exception
CVE-2023-2480 – Elevation of Privilege in M-Files Desktop Client
https://notcve.org/view.php?id=CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allow elevation of privilege via UI extension applications.
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480
• https://product.m-files.com/security-advisories/cve-2023-2480
• CWE-280: Improper Handling of Insufficient Permissions or Privileges
• CWE-862: Missing Authorization
CVE-2023-2112 – Desktop component allows lateral movement between sessions
https://notcve.org/view.php?id=CVE-2023-2112
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
• https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2112
• https://product.m-files.com/security-advisories/cve-2023-2112
• CWE-284: Improper Access Control