About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-4858 Insertion of Sensitive Information into Log File

2022-12-30

Description

Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.

Affected products

M-Files Server before 22.10.11846.0.

More information

User with lower privilege role could have access to log files that are not supposed to contain sensitive information. Vulnerability would require access to the server or other storage where logs are stored. CVSS 3.1 Score: 4.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CWE: CWE-532 Insertion of Sensitive Information into Log File CAPEC: CAPEC-545 Pull Data from System Resources Internal ID: 164526

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions