Improper Access Control Vulnerability in M-Files Aino Could Allow Object Information Access via Incorrect Calculation of Effective Permissions
CVE-2024-11176

5.3MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Aino
Vendor: CVE Published:; 20 November 2024

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2024-11176?

Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions.

Affected Version(s)

M-Files Aino Windows 0 < 24.10

References

https://product.m-files.com/security-advisories/CVE-2024-...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Nov 13, 2024