VYPR

M-Files Server

by M Files Corporation"

CVEs (32)

  • CVE-2024-10127CriNov 20, 2024
    risk 0.64cvss 9.8epss 0.01

    Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.

  • CVE-2025-13008HigDec 19, 2025
    risk 0.56cvss epss 0.01

    An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.

  • CVE-2025-0635HigJan 23, 2025
    risk 0.49cvss 7.5epss 0.01

    Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.

  • CVE-2024-4056HigApr 26, 2024
    risk 0.49cvss 7.5epss 0.01

    Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.

  • CVE-2023-6912HigDec 20, 2023
    risk 0.49cvss 7.5epss 0.01

    Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.

  • CVE-2023-3405HigJun 27, 2023
    risk 0.49cvss 7.5epss 0.01

    Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service

  • CVE-2023-0383HigApr 20, 2023
    risk 0.49cvss 7.5epss 0.01

    User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

  • CVE-2021-41807HigJan 18, 2022
    risk 0.49cvss 7.5epss 0.01

    Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.

  • CVE-2026-0932HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

  • CVE-2026-0983HigMay 18, 2026
    risk 0.46cvss epss 0.00

    Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash

  • CVE-2025-3086HigApr 4, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service

  • CVE-2025-5964MedJun 15, 2025
    risk 0.43cvss 6.5epss 0.10

    A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.

  • CVE-2024-6789MedAug 27, 2024
    risk 0.42cvss 6.5epss 0.01

    A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files

  • CVE-2023-6910MedDec 20, 2023
    risk 0.42cvss 6.5epss 0.01

    A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

  • CVE-2023-3425MedAug 25, 2023
    risk 0.42cvss 6.5epss 0.01

    Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.

  • CVE-2023-0384MedApr 20, 2023
    risk 0.42cvss 6.5epss 0.01

    User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.

  • CVE-2023-0382MedApr 5, 2023
    risk 0.42cvss 6.5epss 0.01

    User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

  • CVE-2023-6117MedNov 22, 2023
    risk 0.37cvss 5.7epss 0.01

    A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks.

  • CVE-2023-6239MedNov 28, 2023
    risk 0.35cvss 5.4epss 0.01

    Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized…

  • CVE-2022-1911MedNov 30, 2022
    risk 0.34cvss 5.3epss 0.01

    Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

Page 1 of 2