CVE-2023-5524

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows 

Remote Code Execution

 via specific file types
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
M-Files CorporationCNA
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
m-filesweb_companion
𝑥
< 23.8
m-filesweb_companion
23.3 ≤
𝑥
< 23.10
m-filesweb_companion
23.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://product.m-files.com/security-advisories/cve-2023-5524/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/