CVE-2021-41808

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
M-Files CorporationCNA
2 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
m-filesm-files_server
𝑥
< 21.11.10775.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/