CVE-2022-4861

Summary

Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.

Affected Software

VendorProductVersion RangeStatus
M-FilesM-Files Client0 < 22.5.11356.0affected

Weaknesses

  • CWE-303: CWE-303 Incorrect Implementation of Authentication Algorithm

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References