CVE-2024-6789

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 andLTS 24.2.13421.15 SR2 andLTS 23.8.12892.0 SR6 allows authenticated user to read files
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
M-Files CorporationCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
m-filesm-files_server
𝑥
< 24.2.13421.15
m-filesm-files_server
𝑥
< 24.8.13981.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://product.m-files.com/security-advisories/cve-2024-6789/