CVE-2023-3425

EUVD-2023-44091
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
M-Files CorporationCNA
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
m-filesclassic_web
𝑥
< 23.2
m-filesclassic_web
𝑥
< 23.6.12695.3
m-filesclassic_web
23.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://empower.m-files.com/security-advisories/CVE-2023-3425
https://product.m-files.com/security-advisories/cve-2023-3425/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425