CVE Vulnerabilities

CVE-2022-4270

Improper Privilege Management

Published: Dec 02, 2022 | Modified: Aug 28, 2024
CVSS 3.x
2.6
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeĀ 22.5.11436.1 could have changed permissions accidentally.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
M-files_server M-files * 22.5.11436.1 (excluding)

Potential Mitigations

References