
CVE-2023-2480 Elevation of Privilege in M-Files Desktop Client

2023-05-25

Description

Missing access permissions checks in M-Files Client before 23.5.12598.0 allow elevation of privilege via UI extension applications.

Affected products

M-Files Client before 23.5.12598.0

More information

Successful exploitation of the vulnerability requires complex user interaction: the user must first be persuaded to create a connection to an external vault controlled by the attacker, and must then separately accept an application from that vault.

CVSS 3.1 Score: 7.5

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE: CWE-280 Improper Handling of Insufficient Permissions or Privileges

CAPEC: CAPEC-212 Functionality Misuse

Internal ID: 161636