22.6.11534.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

m-files

NVD

Published: 2023-03-06

Updated: 2023-11-07

Summary

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.

Vulnerable Configurations

Part	Description	Count
Application	M-Files M Files M Files Server - M Files M Files Server 22.2.11051.0 M Files M Files Server 22.3.11237.3 M Files M Files Server 22.6.11534.4	4

References

https://www.m-files.com/about/trust-center/security-advisories/cve-2022-3284/