M-files

M-files Server

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-0619

  • EPSS 0.41%
  • Veröffentlicht 23.01.2025 11:15:10
  • Zuletzt bearbeitet 23.02.2026 11:16:18

Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords

9.8

CVE-2024-10127

  • EPSS 0.6%
  • Veröffentlicht 20.11.2024 09:15:04
  • Zuletzt bearbeitet 23.02.2026 11:16:16

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...

4.3

CVE-2024-10126

  • EPSS 0.37%
  • Veröffentlicht 20.11.2024 09:15:03
  • Zuletzt bearbeitet 23.02.2026 11:16:16

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.

6.5

CVE-2024-6789

  • EPSS 0.56%
  • Veröffentlicht 27.08.2024 10:15:05
  • Zuletzt bearbeitet 23.02.2026 11:16:17

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

7.5

CVE-2024-4056

  • EPSS 0.78%
  • Veröffentlicht 26.04.2024 06:15:06
  • Zuletzt bearbeitet 23.02.2026 11:16:17

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.

6.5

CVE-2024-0563

  • EPSS 0.71%
  • Veröffentlicht 23.02.2024 09:15:22
  • Zuletzt bearbeitet 23.02.2026 11:16:16

Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.

6.5

CVE-2023-6910

  • EPSS 0.92%
  • Veröffentlicht 20.12.2023 10:15:08
  • Zuletzt bearbeitet 23.02.2026 09:16:16

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

9.8

CVE-2023-6912

  • EPSS 0.98%
  • Veröffentlicht 20.12.2023 10:15:08
  • Zuletzt bearbeitet 23.02.2026 11:16:15

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.

8.8

CVE-2023-6239

  • EPSS 0.57%
  • Veröffentlicht 28.11.2023 14:15:07
  • Zuletzt bearbeitet 23.02.2026 09:16:16

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentiall...

5.3

CVE-2023-6189

  • EPSS 0.51%
  • Veröffentlicht 22.11.2023 10:15:09
  • Zuletzt bearbeitet 23.02.2026 09:16:16

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods.