Filtered by vendor Claris Subscriptions
Filtered by product Filemaker Server Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-27794 1 Claris 1 Filemaker Server 2024-12-11 6.1 Medium
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
CVE-2023-42955 1 Claris 1 Filemaker Server 2024-12-10 4.9 Medium
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
CVE-2024-27790 1 Claris 1 Filemaker Server 2024-12-09 7.5 High
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
CVE-2023-42954 1 Claris 2 Claris Pro, Filemaker Server 2024-12-09 4.9 Medium
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
CVE-2021-44147 1 Claris 2 Filemaker Pro, Filemaker Server 2024-11-21 5.5 Medium
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.