Vulnerabilities > CVE-2023-42954 - Unspecified vulnerability in Claris PRO and Filemaker Server

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

claris

NVD

Published: 2024-03-21

Updated: 2024-12-09

Summary

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.

Vulnerable Configurations

Part	Description	Count
Application	Claris Claris Filemaker Server - Claris Filemaker Server 19.1.2 Claris Filemaker Server 19.2.1 Claris Filemaker Server 19.3.1 Claris Filemaker Server 19.3.2 Claris Filemaker Server 19.4.1 Claris Filemaker Server 20.1.1 Claris Filemaker Server 20.1.2 Claris Filemaker Server 20.2.1 Claris Claris PRO -	10

References

https://support.claris.com/s/answerview?anum=000041424&language=en_US
https://support.claris.com/s/answerview?anum=000041424&language=en_US