Vulnerability Details CVE-2021-37254
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/
- https://www.m-files.com/company/trust-center/vulnerability-disclosure/
- https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/
- https://www.m-files.com/company/trust-center/vulnerability-disclosure/
Products affected by CVE-2021-37254
-
cpe:2.3:a:m-files:m-files_web:*