CVE-2021-41808

Summary

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.

Affected Software

VendorProductVersion RangeStatus
M-FilesM-Files ServerOnline < 21.11.10775.0affected
M-FilesM-Files Server2018 < 21.11.10775.0affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

ADP Enrichment

CVE Program Container

Additional References

References