Vulnerabilities (CVE)

Filtered by vendor M-files Subscribe

Filtered by product M-files Web

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-37254	1 M-files	1 M-files Web	2022-07-12	5.0 MEDIUM	7.5 HIGH
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
CVE-2021-37253	1 M-files	1 M-files Web	2022-01-18	7.8 HIGH	7.5 HIGH
DISPUTED M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application.