About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-3284 Insecure way of passing a download key

2023-03-06

Description

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.

Affected products

M-Files New Web before 22.11.12011.0.

More information

Download key for a file download was passed in a insecure way which makes the file public and accessible by unauthorise party as the key also contains the sessionID. CVSS 3.1 Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CAPEC: CAPEC-158 Sniffing Network Traffic Internal ID: 164237

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions