Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for claris_pro by claris

    CVE-2023-42954 (GCVE-0-2023-42954)

    Vulnerability from nvd – Published: 2024-03-21 22:24 – Updated: 2024-08-27 19:43
    VLAI
    Summary
    A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role.
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Vendor Product Version
    Claris FileMaker Server Affected: unspecified , < 20.3.1 (custom)
    Create a notification for this product.
    claris filemaker_server Affected: 0 , < 20.3.1 (custom)
        cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/answerview?anum=000041424\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "filemaker_server",
                "vendor": "claris",
                "versions": [
                  {
                    "lessThan": "20.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:56:33.116570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-250",
                    "description": "CWE-250 Execution with Unnecessary Privileges",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T19:43:48.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileMaker Server",
              "vendor": "Claris",
              "versions": [
                {
                  "lessThan": "20.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T22:28:15.286Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/answerview?anum=000041424\u0026language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42954",
        "datePublished": "2024-03-21T22:24:36.922Z",
        "dateReserved": "2023-09-14T19:05:11.476Z",
        "dateUpdated": "2024-08-27T19:43:48.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42920 (GCVE-0-2023-42920)

    Vulnerability from nvd – Published: 2024-03-19 16:46 – Updated: 2025-03-26 20:49
    VLAI
    Summary
    Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application.
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Claris FileMaker Pro Affected: unspecified , < 20.2 (custom)
    Create a notification for this product.
    claris filemaker_pro Affected: 0 , < 20.2 (custom)
        cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:25.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "filemaker_pro",
                "vendor": "claris",
                "versions": [
                  {
                    "lessThan": "20.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T18:59:18.670696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:49:39.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileMaker Pro",
              "vendor": "Claris",
              "versions": [
                {
                  "lessThan": "20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T16:46:46.325Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42920",
        "datePublished": "2024-03-19T16:46:46.325Z",
        "dateReserved": "2023-09-14T19:05:11.463Z",
        "dateUpdated": "2025-03-26T20:49:39.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42954 (GCVE-0-2023-42954)

    Vulnerability from cvelistv5 – Published: 2024-03-21 22:24 – Updated: 2024-08-27 19:43
    VLAI
    Summary
    A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role.
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Vendor Product Version
    Claris FileMaker Server Affected: unspecified , < 20.3.1 (custom)
    Create a notification for this product.
    claris filemaker_server Affected: 0 , < 20.3.1 (custom)
        cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/answerview?anum=000041424\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:claris:filemaker_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "filemaker_server",
                "vendor": "claris",
                "versions": [
                  {
                    "lessThan": "20.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42954",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:56:33.116570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-250",
                    "description": "CWE-250 Execution with Unnecessary Privileges",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T19:43:48.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileMaker Server",
              "vendor": "Claris",
              "versions": [
                {
                  "lessThan": "20.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T22:28:15.286Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/answerview?anum=000041424\u0026language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42954",
        "datePublished": "2024-03-21T22:24:36.922Z",
        "dateReserved": "2023-09-14T19:05:11.476Z",
        "dateUpdated": "2024-08-27T19:43:48.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42920 (GCVE-0-2023-42920)

    Vulnerability from cvelistv5 – Published: 2024-03-19 16:46 – Updated: 2025-03-26 20:49
    VLAI
    Summary
    Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application.
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Claris FileMaker Pro Affected: unspecified , < 20.2 (custom)
    Create a notification for this product.
    claris filemaker_pro Affected: 0 , < 20.2 (custom)
        cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:25.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:claris:filemaker_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "filemaker_pro",
                "vendor": "claris",
                "versions": [
                  {
                    "lessThan": "20.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T18:59:18.670696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T20:49:39.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileMaker Pro",
              "vendor": "Claris",
              "versions": [
                {
                  "lessThan": "20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exploiting this vulnerability enables an attacker to execute custom code on behalf of FileMaker Pro or Claris Pro, even without the user having proper access. This flaw may potentially lead to unauthorized access to sensitive user information or the execution of unauthorized actions within the application.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-19T16:46:46.325Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/article/FileMaker-Security-Information?language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42920",
        "datePublished": "2024-03-19T16:46:46.325Z",
        "dateReserved": "2023-09-14T19:05:11.463Z",
        "dateUpdated": "2025-03-26T20:49:39.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }