CVE-2022-4861
30.12.2022, 14:15
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.Enginsight
| Vendor | Product | Version |
|---|---|---|
| m-files | m-files_client | 𝑥 < 22.5.11356.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-303 - Incorrect Implementation of Authentication AlgorithmThe requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.