CVE-2022-1911: Information disclosure in M-Files Server

DESCRIPTION

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

AFFECTED PRODUCTS

M-Files Server before 22.6.11534.1 and before 22.6.11505.0.

MORE INFORMATION

Error in parser function allowed unauthenticated user to query some information from the underlying operating system about some of the applications installed to the system. The vulnerability did not allow access to any file or document data.

CVSS 3.1 Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC: CAPEC-169 Footprinting

Internal ID: 163219

Date issued: 2022-11-30

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-1911

Review M-Files on Gartner® Peer Insights™ & get a $25 gift card!

Review now
X