CVE-2023-42954

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.claris.com/s/answerview?anum=000041424&language=en_US	Vendor Advisory
https://support.claris.com/s/answerview?anum=000041424&language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:claris:claris_pro:-:::::::*
	cpe:2.3:a:claris:filemaker_server::::::::

History

No history.

Information

Published : 2024-03-21 23:15

Updated : 2024-12-09 16:39

NVD link : CVE-2023-42954

Mitre link : CVE-2023-42954

CVE.ORG link : CVE-2023-42954

JSON object : View

Products Affected

claris

filemaker_server
claris_pro

CWE

NVD-CWE-noinfo CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2023-42954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-03-21T23:15:09.517", "references": [{"url": "https://support.claris.com/s/answerview?anum=000041424&language=en_US", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.claris.com/s/answerview?anum=000041424&language=en_US", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests."}, {"lang": "es", "value": "Exist\u00eda un problema de escalada de privilegios en FileMaker Server, que potencialmente expon\u00eda informaci\u00f3n confidencial a sitios web front-end al iniciar sesi\u00f3n en la Consola de administraci\u00f3n con una funci\u00f3n de administrador. Este problema se solucion\u00f3 en FileMaker Server 20.3.1 reduciendo la informaci\u00f3n enviada en las solicitudes."}], "lastModified": "2024-12-09T16:39:29.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:claris:claris_pro:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "418A8FB9-C131-4D98-8520-6743015282EB"}, {"criteria": "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B444E1C4-D337-40FE-A1C3-2D4DBFAD28CA", "versionEndExcluding": "20.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}