In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
Risk level: Low
Fix: Upgrade to version 20.10.9524.1 or 20.10.9445.0 or later.
* M-Files Web version before 20.10.9524.1
* M-Files Web version before 20.10.9445.0
M-Files Web revealed 3rd party license key. This vulnerability does not have impact on customer data.
We thank Murat Aydemir from Cyberwise (Turkey) for responsible disclosure.
Date issued: 2021-10-27