Description
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
Affected products
M-Files Server before 24.4.13592.4 and after 23.11 M-Files Server not affected at 24.2 LTS
More information
Certain input values could be used to cause M-Files Server to consume excessive amount of time to process. CVSS 3.1 Base Score: 7.5 CVSS 3.1 Temporal Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C CWE: CWE-1333: Inefficient Regular Expression Complexity CAPEC: CAPEC-492 Regular Expression Exponential Blowup Internal ID: 169892 Date issued: 2024-04-26
Exploitability
Publicly disclosed: No Exploited: No Probability of exploitation: low – internally found
