CVE-2023-3405

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
M-Files CorporationCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
m-filesm-files_server
𝑥
< 23.6.12695.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://product.m-files.com/security-advisories/cve-2023-3405/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405-denial-of-service-in-m-files-server/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405