CVE-2024-10127: Support for authentication bypass condition in M-Files LDAP authentication

9.2 CVSS

Description

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.

Classification

CVE ID: CVE-2024-10127

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

Affected Products

Vendor: M-Files Corporation

Product: M-Files Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://product.m-files.com/security-advisories/CVE-2024-10127

Timeline

2024-12-17 00:30:18 UTC
CVE

Support for authentication bypass condition in M-Files LDAP authentication