PT-2022-11488 · M-Files · M-Files Server
Published: 2022-01-18 · Updated: 2026-02-23
CVE-2021-41808
CVSS v3.1: 2.3 (Low)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
M-Files Server versions prior to 21.11.10775.0
Description
When logging of Federated authentication to the event log is enabled, M-Files Server writes sensitive information to the log. This logging is disabled by default, which acts as a mitigating factor.
Recommendations
For versions prior to 21.11.10775.0, consider disabling the logging of Federated authentication to the event log to prevent sensitive information from being written to the log until a fixed version is available.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
M-Files Server