About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2021-41809 SSRF Vulnerability

2022-01-17

Description

SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server.

Affected products

M-Files Server version before 22.1.11017.1

More information

A preview function allowed making queries from the server with certain document types referencing external entities. Vulnerability was found by an external security researcher. CWE: CWE-918 CVSS 3.1 Score: 3.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

On this page
Description
Affected products
More information
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions