M-files Server CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-41809	1 M-files	1 M-files Server	2024-11-21	3.5 Low
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.
CVE-2021-41808	1 M-files	1 M-files Server	2024-11-21	2 Low
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
CVE-2021-41807	1 M-files	2 M-files Server, M-files Web	2024-11-21	7.5 High
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
CVE-2024-6789	1 M-files	1 M-files Server	2024-09-16	6.5 Medium
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

« first previous Page 2 of 2.