CVE-2022-3284

Name of the Vulnerable Software and Affected Versions M-Files New Web versions prior to 22.11.12011.0

Description The download key for a file in a vault was passed in an insecure manner, making it easily loggable. This issue may potentially affect a significant number of devices worldwide, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 22.11.12011.0, update to version 22.11.12011.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files in the vault until the update is applied.