CVE-2023-42955
Published Apr 26, 2024
·Updated
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.
Affected Software
1 affected component
Claris FileMaker Server<20.3.1
Event History
Apr 26, 2024
CVE Published
via MITRE·03:33 PM
Data Sourced
via MITRE·03:33 PM
DescriptionWeakness
May 14, 2024
Data Sourced
via NVD·01:46 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2023-42955?
CVE-2023-42955 is rated as a medium severity vulnerability affecting FileMaker Server.
2
How do I fix CVE-2023-42955?
To fix CVE-2023-42955, upgrade to FileMaker Server version 20.3.1 or later.
3
What types of data are affected by CVE-2023-42955?
CVE-2023-42955 potentially exposes administrator role passwords to front-end websites.
4
Who is impacted by CVE-2023-42955?
Administrators using the FileMaker Server Admin Console are directly impacted by CVE-2023-42955.
5
Is there a workaround for CVE-2023-42955?
There are no known workarounds for CVE-2023-42955; upgrading is the recommended solution.