M-Files: >> M-Files Server >> 23.11.13168.6 Security Vulnerabilities
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-23
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-12-20
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-20
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-28
Page 2