CVE-2025-46294

Medium CVSS: 5.3

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This vulnerability has been fully addressed in FileMaker Server 22.0.4. The IIS Shortname Vulnerability exploits how Microsoft IIS handles legacy 8.3 short filenames, allowing attackers to infer the existence of files or directories by crafting requests with the tilde (~) character.

Vendor

Claris

Product

Filemaker Server

CWE

CWE-200

Yayın Tarihi

2025-12-16 18:16:12

Güncelleme

2025-12-23 14:44:32

Source Identifier

product-security@apple.com

KEV Date Added

Kategoriler

CWE-200 Filemaker Server MEDIUM Claris 2025

Referanslar

https://support.claris.com/s/answerview?anum=000048450&language=en_US

Benzer Kayıtlar

Medium

CVE-2025-46320

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access an…

Critical

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications pass…

Medium

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privile…