Claris FileMaker Server 19.1.2

CPE Details

Claris FileMaker Server 19.1.2
claris
filemaker_server
19.1.2
2021-11-23
17h22 +00:00
2021-11-23
22h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:claris:filemaker_server:19.1.2:*:*:*:*:*:*:*

Informations

Vendor

claris

Product

filemaker_server

Version

19.1.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-27790 2024-04-26 15h33 +00:00 Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
7.5
High
CVE-2023-42955 2024-04-26 15h33 +00:00 Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
6.1
Medium
CVE-2024-27794 2024-04-15 22h16 +00:00 Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.
6.1
Medium
CVE-2023-42954 2024-03-21 22h24 +00:00 A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
6.5
Medium
CVE-2021-44147 2021-11-22 20h26 +00:00 An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.