Main Vulnerability Database SB2021110308

SB2021110308 - Information disclosure in M-Files Web

Published: November 3, 2021

Security Bulletin ID SB2021110308

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2021-37254)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can obtain unauthenticated access to 3rd party component license key information on server.

Remediation

Install update from vendor's website.

References

https://www.m-files.com/company/trust-center/vulnerability-disclosure/
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/