Authenticated User Path Traversal Vulnerability
CVE-2024-6789

8.4HIGH

Key Information:

Vendor

M-files Corporation

Status
M-files Server
Vendor
CVE Published:
27 August 2024

What is CVE-2024-6789?

A path traversal issue in M-Files Server allows authenticated users to circumvent directory restrictions, leading to unauthorized access to sensitive files on the server. This vulnerability affects various versions of the product, making it crucial for users to update to the latest versions to mitigate risks associated with unauthorized file reading.

Affected Version(s)

M-Files Server 0 < 24.8.13981.0

M-Files Server LTS 24.2.0

M-Files Server LTS 23.8.0

References

https://product.m-files.com/security-advisories/cve-2024-...
vendor-advisory
https://empower.m-files.com/security-advisories/CVE-2024-...
vendor-advisory

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.