CVE-2024-4056: Denial of Service condition in M-Files Server

DESCRIPTION

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.

AFFECTED PRODUCTS

M-Files Server before 24.4.13592.4 and after 23.11
M-Files Server not affected at 24.2 LTS

MORE INFORMATION

Certain input values could be used to cause M-Files Server to consume excessive amount of time to process.

CVSS 3.1 Base Score: 7.5
CVSS 3.1 Temporal Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE: CWE-1333: Inefficient Regular Expression Complexity

CAPEC: CAPEC-492 Regular Expression Exponential Blowup

Internal ID: 169892

Date issued: 2024-04-26

EXPLOITABILITY

Publicly disclosed: No
Exploited: No
Probability of exploitation: low – internally found

LINKS

https://www.cve.org/CVERecord?id=CVE-2024-4056

HISTORY

2024-04-26 Published
2024-08-27 CWE Updated

Review M-Files on Gartner® Peer Insights™ & get a $25 gift card!

X