CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41809 – SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server.
https://notcve.org/view.php?id=CVE-2021-41809
18 Jan 2022 — SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities. Una vulnerabilidad de tipo SSRF en los productos M-Files Server versiones anteriores a 22.1.11017.1, en una función de vista previa que permitía realizar consultas desde el servidor con determinados tipos de documentos que hacían referencia a entidades externas • https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41809 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 5CVE-2021-37253 – M-Files Web Denial of Service
https://notcve.org/view.php?id=CVE-2021-37253
03 Dec 2021 — M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application ** EN DISPUTA ** M-Files Web antes de la versión 20.10.9524.1 permite una denegación de servicio a través de rangos superpuestos (en peticiones HTTP con cabeceras Range o Request-Range manipuladas). NOTA: esto se cuest... • https://packetstorm.news/files/id/165139 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-37254
https://notcve.org/view.php?id=CVE-2021-37254
28 Oct 2021 — In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. En el producto M-Files Web con versiones anteriores a 20.10.9524.1 y 20.10.9445.0, un atacante remoto podría usar un fallo para obtener acceso no autenticado a la información de la clave de licencia de componentes de terceros en el servidor • https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254 •