Authentication bypass through OpenLDAP configuration
CVE-2024-10127

9.2CRITICAL

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 20 November 2024

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2024-10127?

The M-Files Server has a vulnerability that allows unauthorized access through an authentication bypass condition in its LDAP authentication implementation. This issue arises in versions earlier than 24.11 where the server's configuration permits user authentication without a password if the LDAP setup is vulnerable. This flaw poses significant risks to users relying on LDAP for authentication and can lead to unauthorized access to sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

M-Files Server Windows 0 < 24.11

M-Files Server Windows 0 < 24.8 LTS SR2

References

https://product.m-files.com/security-advisories/CVE-2024-...

vendor-advisory

https://empower.m-files.com/security-advisories/CVE-2024-...

vendor-advisory

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Oct 18, 2024

JSON

M-files Corporation

What is CVE-2024-10127?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.