PT-2024-37864 · M Files · M-Files Server
Published: 2024-08-27 · Updated: 2026-02-23 · CVE-2024-6789
CVSS v4.0: 8.4 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/RE:M/U:Green
Name of the Vulnerable Software and Affected Versions
M-Files Server versions prior to 24.8.13981.0
M-Files Server LTS versions prior to 24.2.13421.15 SR2
M-Files Server LTS versions prior to 23.8.12892.0 SR6
Description
A path traversal issue in the API endpoint of M-Files Server allows an authenticated user to read files.
Recommendations
For M-Files Server versions prior to 24.8.13981.0, upgrade to version 24.8.13981.0 or later.
For M-Files Server LTS versions prior to 24.2.13421.15 SR2, upgrade to version 24.2.13421.15 SR2 or later.
For M-Files Server LTS versions prior to 23.8.12892.0 SR6, upgrade to version 23.8.12892.0 SR6 or later.
Fix
Path traversal
Affected Products
M-Files Server