Sensitive Information Exposure in M-Files Server Federated Authentication Logging

Sensitive Information Exposure in M-Files Server Federated Authentication Logging

CVE-2021-41808 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.

Learn more about our Cis Benchmark Audit For Server Software.