What the vulnerability does
01Description
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.
CVE-2023-2112
LOW
CVE-2023-2112: Desktop component allows lateral movement between sessions
CVSS base score
3.6/10
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
April 20, 2023
CVE published
February 23, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-41784
CVE-2020-12030 Emerson WirelessHART Gateway
CVE-2025-59422 Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others
CVE-2024-13635 VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure
CVE-2026-0844 Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field
