CVE-2023-3406

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
M-Files CorporationCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
m-filesclassic_web
𝑥
< 23.2
m-filesclassic_web
𝑥
< 23.6.12695.3
m-filesclassic_web
23.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://product.m-files.com/security-advisories/cve-2023-3406/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406