CVE-2022-4861

MEDIUM

M-Files Client <22.5.11356.0 - Privilege Escalation

Title source: llm

Description

Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.

References (3)

[Various Sources] https://empower.m-files.com/security-advisories/CVE-2022-4861

[Various Sources] https://product.m-files.com/security-advisories/cve-2022-4861/

[Broken Link] https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4861/

Scores

CVSS v3 4.8

EPSS 0.0027

EPSS Percentile 49.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

Classification

CWE

CWE-303 CWE-287

Status published

Affected Products (1)

m-files/m-files_client < 22.5.11356.0

Timeline

Published Dec 30, 2022

Tracked Since Feb 18, 2026