CVE-2022-39018 HIGH

CVE-2022-39018: Broken access controls on PDFtron data in M-Files Hubshare

Vendor M-Files

Product Hubshare

Weakness CWE-200 · Info exposure

Published October 31, 2022

Last update May 2, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39018

Related vulnerabilities

04Related CVE

CVE-2025-31486 Vite allows server.fs.deny to be bypassed with .svg or relative paths CVE-2021-41301 ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor CVE-2022-4869 Evolution Events Artaxerxes POST Parameter middleware.py information disclosure CVE-2025-14574 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.1.15 - Unauthenticated Sensitive Information Exposure CVE-2023-41321 Sensitive fields enumeration through API in GLPI