CVE-2023-5524

EUVD-2023-57837
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows 

Remote Code Execution

 via specific file types
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
M-Files CorporationCNA
8.2 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
m-filesweb_companion
𝑥
< 23.8
m-filesweb_companion
23.3 ≤
𝑥
< 23.10
m-filesweb_companion
23.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://empower.m-files.com/security-advisories/CVE-2023-5524
https://product.m-files.com/security-advisories/cve-2023-5524/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524/