CVE-2023-0213 - Vulnerability Details - OpenCVE

ReportizFlow

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
M-files	M-files
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:m-files:m-files:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://empower.m-files.com/security-advisories/CVE-2023-0213
https://product.m-files.com/security-advisories/cve-2023-0213/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/

History

Mon, 23 Feb 2026 09:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:m-files:m-files:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 08:30:00 +0000

Type	Values Removed	Values Added
References		https://empower.m-files.com/security-advisories/CVE-2023-0213

Wed, 28 Aug 2024 20:30:00 +0000

Type	Values Removed	Values Added
References		https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/

Wed, 28 Aug 2024 09:30:00 +0000

Type	Values Removed	Values Added
References	https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/

Wed, 28 Aug 2024 09:00:00 +0000

Type	Values Removed	Values Added
References		https://product.m-files.com/security-advisories/cve-2023-0213/

MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published: 2023-03-29T10:22:45.724Z

Updated: 2026-02-23T08:23:13.658Z

Reserved: 2023-01-11T09:26:15.276Z

Link: CVE-2023-0213

Vulnrichment

Updated: 2024-08-02T05:02:44.055Z

NVD

Status : Modified

Published: 2023-03-29T11:15:07.033

Modified: 2026-02-23T09:16:13.550

Link: CVE-2023-0213

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-0213", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "state": "PUBLISHED", "assignerShortName": "M-Files Corporation", "dateReserved": "2023-01-11T09:26:15.276Z", "datePublished": "2023-03-29T10:22:45.724Z", "dateUpdated": "2026-02-23T08:23:13.658Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "M-Files", "vendor": "M-Files", "versions": [{"lessThan": "22.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Alexander Staalgaard"}], "datePublic": "2023-03-29T10:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking."}], "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No publicly available exploit."}], "value": "No publicly available exploit."}], "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T08:23:13.658Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://product.m-files.com/security-advisories/cve-2023-0213/"}, {"tags": ["vendor-advisory"], "url": "https://empower.m-files.com/security-advisories/CVE-2023-0213"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to version 22.6 or newer."}], "value": "Update to version 22.6 or newer."}], "source": {"discovery": "EXTERNAL"}, "title": "Local Elevation of Privilege in M-Files", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.055Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "m-files", "product": "m-files", "cpes": ["cpe:2.3:a:m-files:m-files:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "22.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T19:36:25.883978Z", "id": "CVE-2023-0213", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:37:22.593Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.055Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T19:36:25.883978Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:m-files:m-files:-:*:*:*:*:*:*:*"], "vendor": "m-files", "product": "m-files", "versions": [{"status": "affected", "version": "0", "lessThan": "22.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:37:04.452Z"}}], "cna": {"title": "Local Elevation of Privilege in M-Files", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Alexander Staalgaard"}], "impacts": [{"capecId": "CAPEC-471", "descriptions": [{"lang": "en", "value": "CAPEC-471 Search Order Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "M-Files", "product": "M-Files", "versions": [{"status": "affected", "version": "0", "lessThan": "22.6", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "No publicly available exploit.", "supportingMedia": [{"type": "text/html", "value": "No publicly available exploit.", "base64": false}]}], "solutions": [{"lang": "en", "value": "Update to version 22.6 or newer.", "supportingMedia": [{"type": "text/html", "value": "Update to version 22.6 or newer.", "base64": false}]}], "datePublic": "2023-03-29T10:01:00.000Z", "references": [{"url": "https://product.m-files.com/security-advisories/cve-2023-0213/", "tags": ["vendor-advisory"]}, {"url": "https://empower.m-files.com/security-advisories/CVE-2023-0213", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.", "supportingMedia": [{"type": "text/html", "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T08:23:13.658Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0213", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:23:13.658Z", "dateReserved": "2023-01-11T09:26:15.276Z", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "datePublished": "2023-03-29T10:22:45.724Z", "assignerShortName": "M-Files Corporation"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m-files:m-files:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F7BEA8A-16DD-42BA-8DC1-F3DF23F8C6D2", "versionEndExcluding": "22.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking."}], "id": "CVE-2023-0213", "lastModified": "2026-02-23T09:16:13.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-03-29T11:15:07.033", "references": [{"source": "[email protected]", "url": "https://empower.m-files.com/security-advisories/CVE-2023-0213"}, {"source": "[email protected]", "url": "https://product.m-files.com/security-advisories/cve-2023-0213/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "[email protected]", "type": "Primary"}]}