CVE-2022-4858: Insertion of Sensitive Information into Log File
DESCRIPTION
Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
AFFECTED PRODUCTS
M-Files Server before 22.10.11846.0.
MORE INFORMATION
User with lower privilege role could have access to log files that are not supposed to contain sensitive information. Vulnerability would require access to the server or other storage where logs are stored.
CVSS 3.1 Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-532 Insertion of Sensitive Information into Log File
CAPEC: CAPEC-545 Pull Data from System Resources
Internal ID: 164526
Date issued: 2022-12-30
LINKS
https://www.cve.org/CVERecord?id=CVE-2022-4858