CVE-2022-4858: Insertion of Sensitive Information into Log File

DESCRIPTION

Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.

AFFECTED PRODUCTS

M-Files Server before 22.10.11846.0.

MORE INFORMATION

User with lower privilege role could have access to log files that are not supposed to contain sensitive information. Vulnerability would require access to the server or other storage where logs are stored.

CVSS 3.1 Score: 4.4

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-532 Insertion of Sensitive Information into Log File

CAPEC: CAPEC-545 Pull Data from System Resources

Internal ID: 164526


Date issued: 2022-12-30

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-4858

Review M-Files on Gartner® Peer Insights™ & get a $25 gift card!

X