QwikSec

Security Database

CVE

CWE

Training

CVE-2024-10127

Published: Nov 20, 2024

Modified: Feb 23, 2026

PUBLISHED

Description

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.

Vendor	Product	Versions
M-Files Corporation	M-Files Server	affected `0 - < 24.11` unaffected `0 - < 24.8 LTS SR2`

Weaknesses (CWE)

References

https://product.m-files.com/security-advisories/CVE-2024-10127

vendor-advisory

https://empower.m-files.com/security-advisories/CVE-2024-10127

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.