CVE-2023-5524

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Oct 20, 2023

Updated: Oct 30, 2023

CWE ID 434

Summary

CVE-2023-5524 is a remote code execution vulnerability affecting M-Files Web Companion before version 23.10 and LTS Service Release Versions before 23.8 LTS SR1. The flaw stems from insufficient blacklisting, which enables attackers to execute arbitrary code via specific file types. This issue poses a significant risk to organizations using these M-Files versions and urges administrators to apply the necessary patches promptly to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

M-Files

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s-A_Eb
https://www.cve.org/CVERecord?id=CVE-2023-5524
https://nvd.nist.gov/vuln/detail/CVE-2023-5524

Back to Vulnerability Database

CVE-2023-5524

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations