CVE-2022-1911: Information Disclosure in M-Files Server

DESCRIPTION:

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

AFFECTED PRODUCTS:

All M-Files Server versions before 22.3.111.64.0 and before 22.3.11237.1.

MORE INFORMATION:

Error in parser function allowed unauthenticated user to query some information from the underlying operating system about some of the applications installed to the system. The vulnerability did not allow access to any file or document data.

CVSS 3.1  Score: 5.3

CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC: CAPEC-169 Footprinting

Internal ID: 163219


Date issued: 2022-11-30

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-1911