CVE-2024-10127
Published: 20 November 2024
Summary
CVE-2024-10127 is a critical-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in M-Files Server, a product of M-Files. Its CVSS base score is 9.2 (Critical).
Operationally, it ranks at the 26.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33488
Vulnerability details
M-Files Server versions before 24.11 contain an authentication bypass condition in LDAP authentication. These versions supported the use of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
- CWE(s): CWE-303 (Incorrect Implementation of Authentication Algorithm)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.