Vulnerabilities > CVE-2023-5523 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in M-Files web Companion 23.8

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

m-files

CWE-829

NVD

Published: 2023-10-20

Updated: 2023-10-28

Summary

Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution

Vulnerable Configurations

Part	Description	Count
Application	M-Files M Files WEB Companion * M Files WEB Companion 23.8	3

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/