VYPR

FileMaker Server

by Claris

CVEs (4)

  • CVE-2024-27794MedApr 15, 2024
    risk 0.40cvss 6.1epss 0.00

    Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML…

  • CVE-2021-44147MedNov 22, 2021
    risk 0.36cvss 5.5epss 0.01

    An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

  • CVE-2023-42955MedMay 14, 2024
    risk 0.32cvss 4.9epss 0.00

    Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role…

  • CVE-2023-42954MedMar 21, 2024
    risk 0.32cvss 4.9epss 0.00

    A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in…