CVE-2023-3405 - Vulnerability Details - OpenCVE

ReportizFlow

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
M-files	M-files Server

Configuration 1 [-]

cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://empower.m-files.com/security-advisories/CVE-2023-3405
https://product.m-files.com/security-advisories/cve-2023-3405/
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405
https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405-denial-of-service-in-m-files-server/

History

Mon, 23 Feb 2026 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://empower.m-files.com/security-advisories/CVE-2023-3405

Wed, 28 Aug 2024 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405

Wed, 28 Aug 2024 09:45:00 +0000

Type	Values Removed	Values Added
References	https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405

Wed, 28 Aug 2024 08:45:00 +0000

Type	Values Removed	Values Added
References		https://product.m-files.com/security-advisories/cve-2023-3405/

MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published: 2023-06-27T14:24:40.316Z

Updated: 2026-02-23T08:46:31.978Z

Reserved: 2023-06-26T13:25:05.119Z

Link: CVE-2023-3405

Vulnrichment

Updated: 2024-08-02T06:55:03.331Z

NVD

Status : Modified

Published: 2023-06-27T15:15:11.447

Modified: 2026-02-23T09:16:14.837

Link: CVE-2023-3405

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-3405", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "state": "PUBLISHED", "assignerShortName": "M-Files Corporation", "dateReserved": "2023-06-26T13:25:05.119Z", "datePublished": "2023-06-27T14:24:40.316Z", "dateUpdated": "2026-02-23T08:46:31.978Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "M-Files Server", "vendor": "M-Files", "versions": [{"lessThan": "23.6.12695.3", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "23.2.12340.11"}]}], "datePublic": "2023-06-28T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service"}], "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service"}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248 Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T08:46:31.978Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://product.m-files.com/security-advisories/cve-2023-3405/"}, {"tags": ["vendor-advisory"], "url": "https://empower.m-files.com/security-advisories/CVE-2023-3405"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to patched version"}], "value": "Update to patched version"}], "source": {"defect": ["167238"], "discovery": "INTERNAL"}, "title": "Denial of service condition in M-Files Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.331Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T18:21:24.957217Z", "id": "CVE-2023-3405", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T18:21:55.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.331Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3405", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T18:21:24.957217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T18:21:39.200Z"}}], "cna": {"title": "Denial of service condition in M-Files Server", "source": {"defect": ["167238"], "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC-129 Pointer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "M-Files", "product": "M-Files Server", "versions": [{"status": "affected", "version": "0", "lessThan": "23.6.12695.3", "versionType": "custom"}, {"status": "unaffected", "version": "23.2.12340.11"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to patched version", "supportingMedia": [{"type": "text/html", "value": "Update to patched version", "base64": false}]}], "datePublic": "2023-06-28T09:00:00.000Z", "references": [{"url": "https://product.m-files.com/security-advisories/cve-2023-3405/", "tags": ["vendor-advisory"]}, {"url": "https://empower.m-files.com/security-advisories/CVE-2023-3405", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service", "supportingMedia": [{"type": "text/html", "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T08:46:31.978Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3405", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:46:31.978Z", "dateReserved": "2023-06-26T13:25:05.119Z", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "datePublished": "2023-06-27T14:24:40.316Z", "assignerShortName": "M-Files Corporation"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3A71882-B133-4517-977C-CA6ADC483B76", "versionEndExcluding": "23.6.12695.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service"}], "id": "CVE-2023-3405", "lastModified": "2026-02-23T09:16:14.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-06-27T15:15:11.447", "references": [{"source": "[email protected]", "url": "https://empower.m-files.com/security-advisories/CVE-2023-3405"}, {"source": "[email protected]", "url": "https://product.m-files.com/security-advisories/cve-2023-3405/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405-denial-of-service-in-m-files-server/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3405"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}