CVE-2024-4056
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| M-Files Corporation | M-Files Server | 23.11 < 24.4.13592.4 | affected |
| M-Files Corporation | M-Files Server | 24.2 LTS | unaffected |
Weaknesses
- CWE-1333: CWE-1333: Inefficient Regular Expression Complexity
Workarounds
No workaround available on affected versions.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://product.m-files.com/security-advisories/cve-2024-4056/
- https://empower.m-files.com/security-advisories/CVE-2024-4056
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.