Uncontrolled Resource Consumption in M-Files Server
CVE-2023-6910

6.5MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 20 December 2023

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2023-6910?

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

Affected Version(s)

M-Files Server 0 < 23.12.13195.0

M-Files Server 23.8 LTS SR4

M-Files Server 23.2 LTS SR6

References

https://product.m-files.com/security-advisories/cve-2023-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Dec 18, 2023