Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.
M-Files Server before 22.10.11846.0.
User with lower privilege role could have access to log files that are not supposed to contain sensitive information. Vulnerability would require access to the server or other storage where logs are stored.
CVSS 3.1 Score: 4.4
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-532 Insertion of Sensitive Information into Log File
CAPEC: CAPEC-545 Pull Data from System Resources
Internal ID: 164526
Date issued: 2022-12-30