23.9

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

m-files

CWE-281

NVD

Published: 2023-11-28

Updated: 2023-12-04

Summary

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.

Vulnerable Configurations

Part	Description	Count
Application	M-Files M Files M Files Server * M Files M Files Server 23.10 M Files M Files Server 23.9	3

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6239/