M Files Web
Approved changes feed: RSS · Atom
cpe:2.3:a:m-files:m-files_web:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | M Files (eb040204-ad59-500e-add5-a0873eedc68c) |
|---|---|
| Product | M Files Web (87d45955-833b-5254-93bf-b090d5a70664) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3406 |
vulnerable | 2026-06-08 06:09:39.497314 |
Path traversal issue in M-Files Classic Web
HIGH (7.7)
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
Published: 2023-08-25T08:11:46.246Z
Updated: 2026-02-23T08:48:04.741Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2325 |
vulnerable | 2026-06-08 06:02:42.076855 |
Stored XSS Vulnerability in M-Files Classic Web
HIGH (7.3)
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.
Published: 2023-10-20T06:39:44.747Z
Updated: 2026-02-23T08:40:56.290Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4270 |
vulnerable | 2026-06-08 05:51:37.094628 |
Incorrect privilege assignment in M-Files Web Server
LOW (2)
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.
Published: 2022-12-02T12:20:58.815Z
Updated: 2026-02-23T08:08:41.201Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-4264 |
vulnerable | 2026-06-08 05:51:37.083574 |
Incorrect privilege assignment in M-Files Web Server
MEDIUM (6.5)
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.
Published: 2022-12-09T14:08:40.778Z
Updated: 2026-02-23T07:59:22.697Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-41807 |
vulnerable | 2026-06-08 05:35:21.067939 |
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.
HIGH (7.5)
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
Published: 2022-01-18T16:51:50.929Z
Updated: 2026-02-23T07:49:22.819Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37254 |
vulnerable | 2026-06-08 05:32:53.975784 |
Details available
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
Published: 2021-10-28T13:07:33.000Z
Updated: 2024-08-04T01:16:03.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37253 |
vulnerable | 2026-06-08 05:32:53.975243 |
Details available
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application
Published: 2021-12-05T20:28:48.000Z
Updated: 2024-08-04T01:16:03.953Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.