About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-4861 Incorrect Implementation of Authentication Algorithm

2022-12-30

Description

Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.

Affected products

M-Files Client before 22.5.11356.0.

More information

Exploiting the vulnerability requires server administrator privileges. CVSS 3.1 Score: 4.8 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N CWE: CWE-303 Incorrect Implementation of Authentication Algorithm CAPEC: CAPEC-114 Authentication Abuse Internal ID: 161882

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions