In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.
References
Link | Resource |
---|---|
https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41808/ | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2022-01-18 17:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-41808
Mitre link : CVE-2021-41808
CVE.ORG link : CVE-2021-41808
JSON object : View
Products Affected
m-files
- m-files_server
CWE
CWE-532
Insertion of Sensitive Information into Log File