About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2023-2112 Desktop Component allows lateral movement between sessions

2023-04-20

Description

Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

Affected products

M-Files Desktop before 23.4.12455.0

More information

Desktop component service launch session status function which allows lateral movement between sessions in M-Files. CVSS 3.1 Score: 3.6 CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CWE: CWE-284 Improper Access Control CAPEC: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs Internal ID: 166132

Links

On this page
Description
Affected products
More information
Links
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions