Insecure Logging of Download Key in M-Files New Web

Insecure Logging of Download Key in M-Files New Web

CVE-2022-3284 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.

Learn more about our Web App Pen Testing.