Unauthorized Access to Computing Resources via Denial of Service Condition
CVE-2024-4056

7.5HIGH

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 26 April 2024

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2024-4056?

A vulnerability in M-Files Server creates a denial of service scenario where an unauthenticated user can exploit the system by consuming excessive computing resources. This security flaw affects M-Files Server versions prior to 24.4.13592.4 and those following version 23.11, with the exception of the 24.2 LTS release. Exploiting this vulnerability can lead to significant degradation of system performance, rendering the server less responsive or completely unresponsive to legitimate user requests.

Affected Version(s)

M-Files Server 23.11 < 24.4.13592.4

M-Files Server 24.2 LTS

References

https://product.m-files.com/security-advisories/cve-2024-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024