CVE-2023-42954

2024-03-2123:15:09

[email protected]

web.nvd.nist.gov

filemaker server

privilege escalation

information exposure

admin console

security issue

vulnerability

nvd

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.

Affected configurations

Vulners

Node

clarisfilemaker_serverRange<20.3.1

VendorProductVersionCPE
clarisfilemaker_server*cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
claris	filemaker_server	*	cpe:2.3:a:claris:filemaker_server::::::::

CNA Affected

[
  {
    "vendor": "Claris",
    "product": "FileMaker Server",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "20.3.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.claris.com/s/answerview?anum=000041424&language=en_US