Vulnerability Details : CVE-2021-41808
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
Products affected by CVE-2021-41808
- cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41808
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41808
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
2.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
0.8
|
1.4
|
NIST | |
2.0
|
LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N |
0.6
|
1.4
|
M-Files Corporation |
CWE ids for CVE-2021-41808
-
The product writes sensitive information to a log file.Assigned by:
- nvd@nist.gov (Primary)
- security@m-files.com (Secondary)
References for CVE-2021-41808
-
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/
Page not found - M-FilesVendor Advisory
Jump to