PT-2021-24044 · Clarisa · Claris Filemaker Pro+1

David Hamann

Published

2021-11-22

Updated

2021-11-23

CVE-2021-44147

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Claris FileMaker Pro and Server (including WebDirect) versions prior to 19.4.1

Description: The issue allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

Recommendations: For versions prior to 19.4.1, update to version 19.4.1 or later to resolve the issue.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2021-44147

Affected Products

Claris Filemaker Pro

Claris Filemaker Server

PT-2021-24044 · Clarisa · Claris Filemaker Pro+1

CVE-2021-44147

Weakness Enumeration

Related Identifiers

Affected Products

References · 5