Vulnerabilities (CVE)

Filtered by vendor M-files Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2480 1 M-files 1 M-files 2024-11-21 N/A 7.5 HIGH
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications
CVE-2023-2325 1 M-files 1 Classic Web 2024-11-21 N/A 7.3 HIGH
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.
CVE-2023-2112 1 M-files 1 M-files Server 2024-11-21 N/A 3.6 LOW
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
CVE-2023-0384 1 M-files 1 M-files Server 2024-11-21 N/A 6.5 MEDIUM
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.
CVE-2023-0383 1 M-files 1 M-files Server 2024-11-21 N/A 7.5 HIGH
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2023-0382 1 M-files 1 M-files Server 2024-11-21 N/A 6.5 MEDIUM
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.
CVE-2023-0213 2 M-files, Microsoft 2 M-files, Windows 2024-11-21 N/A 8.8 HIGH
Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.
CVE-2022-4862 1 M-files 1 M-files Server 2024-11-21 N/A 5.0 MEDIUM
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.
CVE-2022-4861 1 M-files 1 M-files Client 2024-11-21 N/A 4.8 MEDIUM
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.
CVE-2022-4858 1 M-files 1 M-files Server 2024-11-21 N/A 4.4 MEDIUM
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
CVE-2022-4270 1 M-files 1 M-files Server 2024-11-21 N/A 2.0 LOW
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
CVE-2022-4264 1 M-files 1 M-files 2024-11-21 N/A 6.5 MEDIUM
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
CVE-2022-3284 1 M-files 1 M-files Server 2024-11-21 N/A 6.5 MEDIUM
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.
CVE-2022-39019 1 M-files 1 Hubshare 2024-11-21 N/A 6.3 MEDIUM
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
CVE-2022-39018 1 M-files 1 Hubshare 2024-11-21 N/A 8.2 HIGH
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
CVE-2022-39017 1 M-files 1 Hubshare 2024-11-21 N/A 8.2 HIGH
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
CVE-2022-39016 1 M-files 1 Hubshare 2024-11-21 N/A 8.2 HIGH
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.
CVE-2022-1911 1 M-files 1 M-files Server 2024-11-21 N/A 5.3 MEDIUM
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
CVE-2022-1606 1 M-files 1 M-files Server 2024-11-21 N/A 2.4 LOW
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
CVE-2021-41810 1 M-files 1 Server 2024-11-21 3.5 LOW 5.2 MEDIUM
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable