Authenticated User Path Traversal Vulnerability
CVE-2024-6789

6.5MEDIUM

Key Information:

Vendor: M-files Corporation
Status: M-files Server
Vendor: CVE Published:; 27 August 2024

🔔 Create M-files Corporation Vulnerability Alert

What is CVE-2024-6789?

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

Affected Version(s)

M-Files Server 0 < 24.8.13981.0

M-Files Server LTS 24.2.0

M-Files Server LTS 23.8.0

References

https://product.m-files.com/security-advisories/cve-2024-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Jul 16, 2024