M-Files Corporation

#bcf7a16e-bfdc-46e4-9e42-4187da3f4410

Short Name

M-Files

Program Role

CNA

Top Level Root

MITRE Corporation

Domain

m-files.com

Country

Finland

Scope

M-Files and Hubshare products.
57 vulnerabilities found

CVE-2022-4270
Assigner-M-Files Corporation
CVSS Score-2 | LOW
EPSS-0.16% / 37.14%
7 Day CHG~0.00%
Published-02 Dec, 2022 | 12:20
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect privilege assignment in M-Files Web Server

Incorrect privilege assignment issue in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_server, M-Files Web
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1911
Assigner-M-Files Corporation
CVSS Score-5.3 | MEDIUM
EPSS-0.30% / 53.59%
7 Day CHG~0.00%
Published-30 Nov, 2022 | 14:35
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information disclosure in M-Files Server

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_server, M-Files Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-1606
Assigner-M-Files Corporation
CVSS Score-2.4 | LOW
EPSS-0.21% / 42.69%
7 Day CHG~0.00%
Published-30 Nov, 2022 | 14:05
Updated-23 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect privilege assignment in M-Files Server

Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_server, M-Files Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-41810
Assigner-M-Files Corporation
CVSS Score-5.2 | MEDIUM
EPSS-0.39% / 60.59%
7 Day CHG~0.00%
Published-02 May, 2022 | 19:06
Updated-23 Feb, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Script injection in M-Files Admin

Script injection in M-Files Admin versions before 22.2.11051.0 allows executing a stored script in the admin tool. The M-Files Admin tool allows storing configuration data with a script, which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable.

Action-Not Available
Vendor-M-Files Oy
Product-server, M-Files Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-41808
Assigner-M-Files Corporation
CVSS Score-2 | LOW
EPSS-0.05% / 15.22%
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:51
Updated-23 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.

In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication to the event log wrote sensitive information to the log. A mitigating factor is that logging is disabled by default.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_server, M-Files Server
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-41807
Assigner-M-Files Corporation
CVSS Score-7.5 | HIGH
EPSS-0.23% / 45.81%
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:51
Updated-23 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 for a certain type of user account allows an unlimited number of attempts and therefore makes brute-forcing login accounts easier.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_web, m-files_server, M-Files Server, M-Files Web
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-41809
Assigner-M-Files Corporation
CVSS Score-3.5 | LOW
EPSS-0.15% / 35.17%
7 Day CHG~0.00%
Published-18 Jan, 2022 | 16:51
Updated-23 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server.

SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with certain document types referencing external entities.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_server, M-Files Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)