PT-2021-21592 · M Files · M-Files Web

Published

2021-10-28

Updated

2022-07-12

CVE-2021-37254

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions M-Files Web versions prior to 20.10.9524.1 M-Files Web versions prior to 20.10.9445.0

Description A remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on the server.

Recommendations For versions prior to 20.10.9524.1, update to version 20.10.9524.1 or later. For versions prior to 20.10.9445.0, update to version 20.10.9445.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-37254

Affected Products

M-Files Web

PT-2021-21592 · M Files · M-Files Web

CVE-2021-37254

Related Identifiers

Affected Products

References · 5