About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2023-3406 Path traversal issue in M-Files Classic Web

2023-08-25

Description

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server Risk level: Medium

Affected products

M-Files Classic Web before 23.6.12695.3 M-Files Classic Web before 23.2 LTS SR3

More information

Path traversal issue could have allowed authenticated user to read some restricted files from the web server. CVSS 3.1 Base Score: 7.7 CVSS 3.1 Temporal Score: 6.4 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:R CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CAPEC: CAPEC-126 Path Traversal Internal ID: 167085

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions