CVE ID | DATE ISSUED | TITLE | PRODUCTS |
CVE-2022-1606 | 05-19-2022 | Incorrect Privilege Assignment | M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 |
CVE-2021-41810 | 04-27-2022 | Script injection | M-Files Server versions before 22.2.11051.0 |
CVE-2022-26809 | 04-16-2022 | Remote Procedure Call Runtime Remote Code Execution Vulnerability and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
CVE-2022-22965 | 04-01-2022 | Spring Framework RCE and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
CVE-2021-41809 | 01-17-2022 | SSRF Vulnerability | M-Files Server versions before 22.1.11017.1 |
CVE-2021-41808 | 01-17-2022 | Information disclosure | M-Files Server versions before 21.11.10775.0 |
CVE-2021-41807 | 01-17-2022 | Lack of rate-limiting | M-Files Server versions before 21.12.10873.0 M-Files Web versions before 21.12.10873.0 |
CVE-2021-44228 | 12-14-2021 | Log4j and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
CVE-2021-37253 | 12-03-2021 | Denial of Service | M-Files Classic Web |
CVE-2021-37254 | 10-27-2021 | Information Disclosure Vulnerability | M-Files Web |
M-Files takes software vulnerabilities seriously. If you have identified a potential security vulnerability, be in touch.
M-Files celebrates those who help us identify and correct security vulnerabilities across all M-Files products.