CVE-2022-4861

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions M-Files Client versions prior to 22.5.11356.0 M-Files Server versions prior to 22.5.11356.0

Description The issue is related to an incorrect implementation in the authentication protocol, allowing a high-privileged user to obtain other users' tokens for another resource.

Recommendations For M-Files Client versions prior to 22.5.11356.0, update to version 22.5.11356.0 or later. For M-Files Server versions prior to 22.5.11356.0, update to version 22.5.11356.0 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-303

Related Identifiers

CVE-2022-4861

Affected Products

M-Files Client

M-Files Server

CVE-2022-4861

Weakness Enumeration

Related Identifiers

Affected Products

References · 8