Description
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users
Affected products
M-Files Server before 24.2 M-Files Server before 23.2 LTS SR7 M-Files Server before 23.8 LTS SR5
More information
Anonymous user may use M-Files Server functionality to cause resource usage based denial of service to other anonymous user sessions. CVSS 3.1 Base Score: 4.3 CVSS 3.1 Temporal Score: 3.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C CWE: CWE-770 Allocation of Resources Without Limits or Throttling CAPEC: CAPEC-125: Flooding Internal ID: 168006 Date issued: 2024-02-23
Exploitability
Publicly disclosed: No Exploited: No Propability of exploitation: low – internally found
