CVE-2023-5523

Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows 

Remote Code Execution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
M-Files CorporationCNA
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
m-filesweb_companion
𝑥
< 23.8
m-filesweb_companion
23.3 ≤
𝑥
< 23.10
m-filesweb_companion
23.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://product.m-files.com/security-advisories/cve-2023-5523/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523/