CVE-2021-41808

EUVD-2021-28813
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
M-Files CorporationCNA
2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
m-filesm-files_server
𝑥
< 21.11.10775.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://empower.m-files.com/security-advisories/CVE-2021-41808
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/