CVE-2024-0563 - Vulnerability Details - OpenCVE

Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00123.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
M-files	M-files Server

Configuration 1 [-]

OR	cpe:2.3:a:m-files:m-files_server:::::-:::*
	cpe:2.3:a:m-files:m-files_server:::::-:::*
	cpe:2.3:a:m-files:m-files_server:::::lts:::*
	cpe:2.3:a:m-files:m-files_server:::::-:::*

No data.

No data.

References

Link	Providers
https://empower.m-files.com/security-advisories/CVE-2024-0563
https://product.m-files.com/security-advisories/cve-2024-0563/
https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/

History

Mon, 23 Feb 2026 11:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 10:30:00 +0000

Type	Values Removed	Values Added
References		https://empower.m-files.com/security-advisories/CVE-2024-0563

Tue, 23 Dec 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		M-files M-files m-files Server
CPEs		cpe:2.3:a:m-files:m-files_server:::::-:::* cpe:2.3:a:m-files:m-files_server:::::lts:::*
Vendors & Products		M-files M-files m-files Server

Tue, 27 Aug 2024 11:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Tue, 27 Aug 2024 10:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
References		https://product.m-files.com/security-advisories/cve-2024-0563/

MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published: 2024-02-23T08:52:38.347Z

Updated: 2026-02-23T10:09:57.761Z

Reserved: 2024-01-15T17:31:42.252Z

Link: CVE-2024-0563

Vulnrichment

Updated: 2024-08-01T18:11:35.603Z

NVD

Status : Modified

Published: 2024-02-23T09:15:22.263

Modified: 2026-02-23T11:16:16.343

Link: CVE-2024-0563

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-0563", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "state": "PUBLISHED", "assignerShortName": "M-Files Corporation", "dateReserved": "2024-01-15T17:31:42.252Z", "datePublished": "2024-02-23T08:52:38.347Z", "dateUpdated": "2026-02-23T10:09:57.761Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "M-Files Server", "vendor": "M-Files Corporation", "versions": [{"lessThan": "24.2", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "23.2 SR7"}, {"status": "unaffected", "version": "23.8 SR5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Denial of service condition in M-Files Server in<span style=\"background-color: rgb(252, 252, 252);\"> versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.</span>"}], "value": "Denial of service condition in M-Files Server in\u00a0versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users."}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T10:09:57.761Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://product.m-files.com/security-advisories/cve-2024-0563/"}, {"tags": ["vendor-advisory"], "url": "https://empower.m-files.com/security-advisories/CVE-2024-0563"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to patched version."}], "value": "Update to patched version."}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of service condition in M-Files Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T19:30:11.634119Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:26.994Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.603Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.603Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-23T19:30:11.634119Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.154Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Denial of service condition in M-Files Server", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "M-Files Corporation", "product": "M-Files Server", "versions": [{"status": "affected", "version": "0", "lessThan": "24.2", "versionType": "custom"}, {"status": "unaffected", "version": "23.2 SR7"}, {"status": "unaffected", "version": "23.8 SR5"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to patched version.", "supportingMedia": [{"type": "text/html", "value": "Update to patched version.", "base64": false}]}], "references": [{"url": "https://product.m-files.com/security-advisories/cve-2024-0563/", "tags": ["vendor-advisory"]}, {"url": "https://empower.m-files.com/security-advisories/CVE-2024-0563", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Denial of service condition in M-Files Server in\u00a0versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.", "supportingMedia": [{"type": "text/html", "value": "Denial of service condition in M-Files Server in<span style=\"background-color: rgb(252, 252, 252);\"> versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "shortName": "M-Files Corporation", "dateUpdated": "2026-02-23T10:09:57.761Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0563", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:09:57.761Z", "dateReserved": "2024-01-15T17:31:42.252Z", "assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410", "datePublished": "2024-02-23T08:52:38.347Z", "assignerShortName": "M-Files Corporation"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "9735591F-6BE0-4B7C-B9C0-525468880E06", "versionEndExcluding": "23.2.12340.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "6228200D-F2B7-40C8-B666-4241FD3A59E7", "versionEndExcluding": "23.8.12892.6", "versionStartExcluding": "23.2.12340.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:lts:*:*:*", "matchCriteriaId": "4A0E06A5-DE4C-4FA6-B55C-7806CEC11FAB", "versionEndExcluding": "23.8.12892.17", "versionStartIncluding": "23.2.12340.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*", "matchCriteriaId": "65C5CBAB-EA68-4881-AE65-86FEB854AA3E", "versionEndExcluding": "24.2.13421.8", "versionStartExcluding": "23.8.12892.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Denial of service condition in M-Files Server in\u00a0versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users."}, {"lang": "es", "value": "La condici\u00f3n de denegaci\u00f3n de servicio en M-Files Server en versiones anteriores a la 24.2 (excluyendo 23.2 SR7 y 23.8 SR5) permite a un usuario an\u00f3nimo provocar una denegaci\u00f3n de servicio contra otros usuarios an\u00f3nimos."}], "id": "CVE-2024-0563", "lastModified": "2026-02-23T11:16:16.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@m-files.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-23T09:15:22.263", "references": [{"source": "security@m-files.com", "url": "https://empower.m-files.com/security-advisories/CVE-2024-0563"}, {"source": "security@m-files.com", "tags": ["Vendor Advisory"], "url": "https://product.m-files.com/security-advisories/cve-2024-0563/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/"}], "sourceIdentifier": "security@m-files.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@m-files.com", "type": "Secondary"}]}