CVE-2022-4858: Insertion of Sensitive Information into Log File

DESCRIPTION:

Insertion of Sensitive Information into Log Files in M-Files Server in M-Files before 22.10.11846.0 could allow sensitive tokens to be obtained from logs if specific configurations were set.

AFFECTED PRODUCTS:

M-Files Server before 22.10.11846.0.

MORE INFORMATION:

A user with a lower-privilege role could have access to log files that are not supposed to contain sensitive information. Exploiting the vulnerability would require access to the server or other storage where logs are stored.

CVSS 3.1 Score: 4.4

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-532 Insertion of Sensitive Information into Log File

CAPEC: CAPEC-545 Pull Data from System Resources

Internal ID: 164526


Date issued: 2022-12-30

LINKS: https://www.cve.org/CVERecord?id=CVE-2022-4858