CVE-2022-1911: Information disclosure in M-Files Server

DESCRIPTION:

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

AFFECTED PRODUCTS:

M-Files Server before 22.6.11534.1 and before 22.6.11505.0.

MORE INFORMATION:

Error in parser function allowed unauthenticated user to query some information from the underlying operating system about some of the applications installed to the system. The vulnerability did not allow access to any file or document data.

CVSS 3.1 Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC: CAPEC-169 Footprinting

Internal ID: 163219

Date issued: 2022-11-30

LINKS

https://www.cve.org/CVERecord?id=CVE-2022-1911