Lucene search

[email protected]CVE-2024-4056

HistoryApr 26, 2024 - 6:15 a.m.

CVE-2024-4056

2024-04-2606:15:06

CWE-400

[email protected]

web.nvd.nist.gov

denial of service

m-files server

unauthenticated user

computing resources

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "M-Files Server",
    "vendor": "M-Files Corporation",
    "versions": [
      {
        "lessThan": "24.4.13592.4",
        "status": "affected",
        "version": "23.11",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "24.2 LTS"
      }
    ]
  }
]

References

www.m-files.com/about/trust-center/security-advisories/cve-2024-4056/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-4056

nvd1 cvelist1