CVE-2022-4861: Incorrect Implementation of Authentication Algorithm
DESCRIPTION
An incorrect implementation of the authentication protocol in M-Files Client before 22.5.11356.0 allows a highly privileged user to obtain other users' tokens for another resource.
AFFECTED PRODUCTS
M-Files Client before 22.5.11356.0.
MORE INFORMATION
Exploiting the vulnerability requires server administrator privileges.
CVSS 3.1 Score: 4.8
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
CWE: CWE-303 Incorrect Implementation of Authentication Algorithm
CAPEC: CAPEC-114 Authentication Abuse
Internal ID: 161882
Date issued: 2022-12-30
LINKS
https://www.cve.org/CVERecord?id=CVE-2022-4861