Vulnerabilities > CVE-2023-2480 - Missing Authorization vulnerability in M-Files

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

m-files

CWE-862

NVD

Published: 2023-05-25

Updated: 2023-06-27

Summary

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications

Vulnerable Configurations

Part	Description	Count
Application	M-Files M Files M Files *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2480/