CVE-2023-6910

Summary

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

Affected Software

VendorProductVersion RangeStatus
M-Files CorporationM-Files Server0 < 23.12.13195.0affected
M-Files CorporationM-Files Server23.8 LTS SR4unaffected
M-Files CorporationM-Files Server23.2 LTS SR6unaffected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

References