CVE-2023-2480: Elevation of Privilege in M-Files Desktop Client
First published: Thu May 25 2023(Updated: )
Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications
Credit: security@m-files.com security@m-files.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| M-files M-files | <23.5.12598.0 |
Remedy
Upgrade to patched versions.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-2480.
What is the title of this vulnerability?
The title of this vulnerability is 'Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege.'
What is the severity of CVE-2023-2480?
The severity of CVE-2023-2480 is high with a severity value of 7.8.
How does CVE-2023-2480 allow elevation of privilege?
CVE-2023-2480 allows elevation of privilege via UI extension applications.
How can I fix the CVE-2023-2480 vulnerability?
To fix the CVE-2023-2480 vulnerability, update your M-Files Client to version 23.5.12598.0 or newer, excluding 23.2 SR2 and newer.
- collector/nvd-latest
- vendor/m-files
- product/m-files
- canonical/m-files m-files
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/softwarecombine
- agent/severity
- agent/title
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup