CVE-2024-0563: Denial of service condition in M-Files Server

DESCRIPTION:

Denial of service condition in M-Files Server

in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous

user to cause denial of service against other anonymous users

AFFECTED PRODUCTS:

M-Files Server before 24.2

M-Files Server before 23.2 LTS SR7

M-Files Server before 23.8 LTS SR5

MORE INFORMATION:

Anonymous user may use M-Files Server functionality to cause resource usage based denial of service to other anonymous user sessions.

CVSS 3.1 Base Score: 4.3

CVSS 3.1 Temporal Score: 3.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CWE: CWE-400: Uncontrolled Resource Consumption

CAPEC: CAPEC-125: Flooding

Internal ID: 168006

Date issued: 2024-02-23

EXPLOITABILITY

Publicly disclosed: No

Exploited: No

Propability of exploitation: low - internally found

LINKS

https://www.cve.org/CVERecord?id=CVE-2024-0563

HISTORY

2024-02-23 Published