Vulnerabilities > M Files

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-6910 Unspecified vulnerability in M-Files Server
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption.
network
low complexity
m-files
6.5
2023-12-20 CVE-2023-6912 Improper Restriction of Excessive Authentication Attempts vulnerability in M-Files Server
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
network
low complexity
m-files CWE-307
critical
9.8
2023-11-28 CVE-2023-6239 Improper Preservation of Permissions vulnerability in M-Files Server 23.10/23.9
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object.
network
low complexity
m-files CWE-281
8.8
2023-11-22 CVE-2023-6117 Unspecified vulnerability in M-Files Server
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.
network
low complexity
m-files
7.5
2023-11-22 CVE-2023-6189 Unspecified vulnerability in M-Files Server
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.
network
low complexity
m-files
5.3
2023-10-20 CVE-2023-2325 Cross-site Scripting vulnerability in M-Files Classic web 23.2/23.6.12695.3/23.8
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.
network
low complexity
m-files CWE-79
5.4
2023-10-20 CVE-2023-5523 Inclusion of Functionality from Untrusted Control Sphere vulnerability in M-Files web Companion 23.8
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution 
local
low complexity
m-files CWE-829
7.8
2023-10-20 CVE-2023-5524 Unrestricted Upload of File with Dangerous Type vulnerability in M-Files web Companion 23.8
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types
local
low complexity
m-files CWE-434
7.3
2023-08-25 CVE-2023-3406 Path Traversal vulnerability in M-Files Classic web 23.2
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
network
low complexity
m-files CWE-22
6.5
2023-08-25 CVE-2023-3425 Out-of-bounds Read vulnerability in M-Files Classic web 23.2
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
network
low complexity
m-files CWE-125
5.3