Privilege Escalation Vulnerability in FileMaker Server Could Expose Sensitive Information
CVE-2023-42954

4.9 MEDIUM

Key Information:

Vendor: Claris
CVE Published: 21 March 2024

What is CVE-2023-42954?

A privilege escalation issue in FileMaker Server can potentially expose sensitive information to front-end websites when a user is logged into the Admin Console as an administrator. The vulnerability allows unauthorized access to sensitive data, posing a significant risk to the confidentiality of information managed by the server. The issue is addressed in FileMaker Server 20.3.1, which reduces the amount of information transmitted in requests.

Affected Version(s)

FileMaker Server < 20.3.1

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
