Search criteria
3 vulnerabilities found for server by m-files
FKIE_CVE-2021-41810
Vulnerability from fkie_nvd - Published: 2022-05-02 20:15 - Updated: 2024-11-21 06:26
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:m-files:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6C92B2-CB49-41BF-92AA-D630F14F563E",
"versionEndExcluding": "22.2.11051.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"
},
{
"lang": "es",
"value": "La herramienta de administraci\u00f3n permite almacenar datos de configuraci\u00f3n con un script que puede ser ejecutado por otro administrador de la b\u00f3veda. Requiere autenticaci\u00f3n a nivel de administrador de la b\u00f3veda y no es explotable remotamente"
}
],
"id": "CVE-2021-41810",
"lastModified": "2024-11-21T06:26:48.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@m-files.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-02T20:15:08.050",
"references": [
{
"source": "security@m-files.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
],
"sourceIdentifier": "security@m-files.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@m-files.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-41810 (GCVE-0-2021-41810)
Vulnerability from cvelistv5 – Published: 2022-05-02 19:06 – Updated: 2024-09-16 17:18
VLAI?
Title
Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool
Summary
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable
Severity ?
5.2 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| M-Files Corporation | M-Files Server |
Affected:
M-Files Server , < 22.2.11051.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:24.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "M-Files Server",
"vendor": "M-Files Corporation",
"versions": [
{
"lessThan": "22.2.11051.0",
"status": "affected",
"version": "M-Files Server",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T19:06:11",
"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"shortName": "M-Files Corporation"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@m-files.com",
"DATE_PUBLIC": "2022-03-16T12:00:00.000Z",
"ID": "CVE-2021-41810",
"STATE": "PUBLIC",
"TITLE": "Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "M-Files Server",
"version_value": "22.2.11051.0"
}
]
}
}
]
},
"vendor_name": "M-Files Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/",
"refsource": "MISC",
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"assignerShortName": "M-Files Corporation",
"cveId": "CVE-2021-41810",
"datePublished": "2022-05-02T19:06:11.675159Z",
"dateReserved": "2021-09-29T00:00:00",
"dateUpdated": "2024-09-16T17:18:03.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41810 (GCVE-0-2021-41810)
Vulnerability from nvd – Published: 2022-05-02 19:06 – Updated: 2024-09-16 17:18
VLAI?
Title
Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool
Summary
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable
Severity ?
5.2 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| M-Files Corporation | M-Files Server |
Affected:
M-Files Server , < 22.2.11051.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:24.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "M-Files Server",
"vendor": "M-Files Corporation",
"versions": [
{
"lessThan": "22.2.11051.0",
"status": "affected",
"version": "M-Files Server",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T19:06:11",
"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"shortName": "M-Files Corporation"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@m-files.com",
"DATE_PUBLIC": "2022-03-16T12:00:00.000Z",
"ID": "CVE-2021-41810",
"STATE": "PUBLIC",
"TITLE": "Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "M-Files Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "M-Files Server",
"version_value": "22.2.11051.0"
}
]
}
}
]
},
"vendor_name": "M-Files Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/",
"refsource": "MISC",
"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810/"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"assignerShortName": "M-Files Corporation",
"cveId": "CVE-2021-41810",
"datePublished": "2022-05-02T19:06:11.675159Z",
"dateReserved": "2021-09-29T00:00:00",
"dateUpdated": "2024-09-16T17:18:03.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}