About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-4264 Incorrect privilege assignment

2022-12-09

Description

Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.

Affected products

M-Files Web Classic version before 22.8.11691.0.

Not affected products

Low privilege user could have changed some limited local web configuration data affecting M-Files Web. CVSS 3.1 Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CWE: CWE-269 Improper Privilege Management CAPEC: CAPEC-176 Configuration/Environment Manipulation Internal ID: 163836

Links

On this page
Description
Affected products
Not affected products
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions