About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2022-1911 Information disclosure in M-Files Server

2022-11-30

Description

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

Affected products

M-Files Server before 22.6.11534.1 and before 22.6.11505.0.

More information

Error in parser function allowed unauthenticated user to query some information from the underlying operating system about some of the applications installed to the system. The vulnerability did not allow access to any file or document data. CVSS 3.1 Score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CAPEC: CAPEC-169 Footprinting Internal ID: 163219

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions