CVE-2022-4861: Incorrect Implementation of Authentication Algorithm

DESCRIPTION:

Incorrect implementation of the authentication protocol in M-Files Client before 22.5.11356.0 allows a high-privileged user to obtain other users' tokens for another resource.

AFFECTED PRODUCTS:

M-Files Client before 22.5.11356.0.

MORE INFORMATION:

Exploiting the vulnerability requires server administrator privileges.

CVSS 3.1 Score: 4.8

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

CWE: CWE-303 Incorrect Implementation of Authentication Algorithm

CAPEC: CAPEC-114 Authentication Abuse

Internal ID: 161882


Date issued: 2022-12-30

LINKS: https://www.cve.org/CVERecord?id=CVE-2022-4861