Unauthorized Access Vulnerability in Claris FileMaker Server
CVE-2024-27790

7.5HIGH

Key Information:

Vendor: Claris
Status: Filemaker Server
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-27790?

Claris International has addressed a significant issue that could permit unauthorized access to sensitive records stored in databases managed by FileMaker Server. This vulnerability was identified in multiple earlier versions of the product, leading to a risk whereby attackers could exploit the lack of adequate transaction validation. To enhance security, Claris has implemented a fix in FileMaker Server version 20.3.2, which ensures that all transactions are thoroughly validated before responses are sent to client requests. Users are encouraged to update to this version to mitigate the risks associated with this vulnerability.

References

https://support.claris.com/s/answerview?anum=000041674&la...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024

CVE-2024-27790 Data

JSON