CVE-2021-37254 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-37254

CWE

https://cwe.mitre.org/data/definitions/.html

In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.

Affected Software

Name	Vendor	Start Version	End Version
M-files_web	M-files	*	20.10.9445.0 (excluding)
M-files_web	M-files	20.10.9500.0 (including)	20.10.9534.1 (excluding)

References

https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/
https://www.m-files.com/company/trust-center/vulnerability-disclosure/
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-37254/
https://www.m-files.com/company/trust-center/vulnerability-disclosure/