Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-4858
PUBLISHED
More InfoOfficial Page
Assigner-M-Files Corporation
Assigner Org ID-bcf7a16e-bfdc-46e4-9e42-4187da3f4410
View Known Exploited Vulnerability (KEV) details
Published At-30 Dec, 2022 | 11:24
Updated At-23 Feb, 2026 | 08:12
Rejected At-
▼CVE Numbering Authority (CNA)
Insertion of Sensitive Information into Log File

Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.

Affected Products
Vendor
M-Files OyM-Files
Product
M-Files Server
Default Status
unaffected
Versions
Affected
  • From 0 before 22.10.11846.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-545CAPEC-545 Pull Data from System Resources
CAPEC ID: CAPEC-545
Description: CAPEC-545 Pull Data from System Resources
Solutions

Upgrade to non-vulnerable version of M-Files.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858/
N/A
https://product.m-files.com/security-advisories/cve-2022-4858/
vendor-advisory
https://empower.m-files.com/security-advisories/CVE-2022-4858
vendor-advisory
Hyperlink: https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858/
Resource: N/A
Hyperlink: https://product.m-files.com/security-advisories/cve-2022-4858/
Resource:
vendor-advisory
Hyperlink: https://empower.m-files.com/security-advisories/CVE-2022-4858
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858/
x_transferred
Hyperlink: https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4858/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found