M-Files: >> M-Files Server >> 22.3.11237.3 Security Vulnerabilities
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.
This issue affects M-Files New Web: before 22.12.12140.3.
CVSS Score
5.0
EPSS Score
0.003
Published
2023-03-06
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-12-30
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeĀ 22.5.11436.1 could have changed permissions accidentally.
CVSS Score
2.0
EPSS Score
0.001
Published
2022-12-02
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-11-30
Page 2