M-Files: Security Vulnerabilities
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
CVSS Score
2.0
EPSS Score
0.0
Published
2022-01-18
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application
CVSS Score
7.5
EPSS Score
0.031
Published
2021-12-05
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-28
Page 6