CVE-2023-6910

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*

History

28 Dec 2023, 20:20

Type	Values Removed	Values Added
Summary		(es) Un método API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes.
First Time		M-files M-files m-files Server
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:m-files:m-files_server::::::::
References	~~() https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 -~~	() https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 - Vendor Advisory

20 Dec 2023, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-20 10:15

Updated : 2023-12-28 20:20

NVD link : CVE-2023-6910

Mitre link : CVE-2023-6910

CVE.ORG link : CVE-2023-6910

JSON object : View

Products Affected

m-files

m-files_server

CWE

NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-6910", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@m-files.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-12-20T10:15:08.373", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910", "tags": ["Vendor Advisory"], "source": "security@m-files.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security@m-files.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests."}, {"lang": "es", "value": "Un m\u00e9todo API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes."}], "lastModified": "2023-12-28T20:20:48.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73A5C4C8-F457-4362-B988-0B61F9048EE7", "versionEndExcluding": "23.12.13195.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@m-files.com"}