About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-4270 Incorrect privilege assignment

2022-12-02

Description

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

Affected products

M-Files Web Classic version before 22.5.11436.1. M-Files Web vNext version before 22.5.11436.1.

More information

User with access to a document with special ACL may have accidentally saved the document with incorrect default permissions. This vulnerability did not allow an attacker without the privileges to obtain more permissions. Vulnerability required very specific configuration. CVSS 3.1 Score: 2.0 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N CWE: CWE-266: Incorrect Privilege Assignment CAPEC: CAPEC-122 Privilege Abuse Internal ID: 162944,162904

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions