CVE-2021-41810

5.2 MEDIUM

📋 TL;DR

This vulnerability allows stored script injection in M-Files Admin versions before 22.2.11051.0. An authenticated vault administrator can store malicious scripts in configuration data that may later be executed in the admin tool of other administrators. Exploitation requires vault administrator privileges and cannot be performed remotely.

💻 Affected Systems

Products:
  • M-Files Admin
Versions: All versions before 22.2.11051.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires vault administrator authentication. Not exploitable remotely.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious vault administrator could inject scripts that compromise the admin tool, potentially leading to privilege escalation, data theft, or further system compromise within the vault environment.

🟠

Likely Case

An authenticated malicious vault administrator could execute arbitrary scripts within the admin tool, potentially modifying vault configurations, accessing sensitive data, or disrupting operations.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to authorized vault administrators only, reducing risk to data integrity within the vault.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires vault administrator credentials and access to the M-Files Admin tool.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.2.11051.0 and later

Vendor Advisory: https://empower.m-files.com/security-advisories/CVE-2021-41810

Restart Required: Yes

Instructions:

1. Download M-Files Admin version 22.2.11051.0 or later from official M-Files sources.
2. Install the update following vendor instructions.
3. Restart the M-Files Admin tool and verify the version.

🔧 Temporary Workarounds

Restrict Vault Administrator Access

Limit the number of users with vault administrator privileges to only those who absolutely need it.

Monitor Configuration Changes

Implement logging and monitoring for configuration changes made through the M-Files Admin tool.

🧯 If You Can't Patch

  • Implement strict access controls to limit vault administrator accounts to trusted personnel only.
  • Enable detailed logging of all configuration changes and script executions within the M-Files Admin tool.

🔍 How to Verify

Check if Vulnerable:

Check the M-Files Admin version in the application's About dialog or settings. If the version is below 22.2.11051.0, the installation is vulnerable.

Check Version:

Check via M-Files Admin interface: Help > About M-Files Admin

Verify Fix Applied:

Verify the M-Files Admin version is 22.2.11051.0 or higher after applying the update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual configuration changes in M-Files Admin logs
  • Script execution events in admin tool logs
  • Multiple failed authentication attempts followed by successful vault admin login

Network Indicators:

  • None - this is not a network-based vulnerability

SIEM Query:

Search for events where a user with vault administrator privileges makes configuration changes whose stored values contain script-like patterns in M-Files logs.
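The version check and the SIEM query described above, as an added Python example that is not part of the advisory: it compares a build number against the fixed version and flags configuration changes by vault administrators whose stored value contains script-like content. The key=value log layout, the role name VaultAdmin and the script patterns are assumptions, and the sample audit lines are constructed.

```python
import re
from typing import Dict, List

# Version in which the vendor fixed CVE-2021-41810 (from the advisory).
FIXED_VERSION = "22.2.11051.0"

# Heuristic markers of script content stored in configuration data.
# The advisory does not describe the payload shape; these are assumptions.
SCRIPT_PATTERNS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(?:error|load|click)\s*=|<\s*iframe\b",
    re.IGNORECASE,
)

def parse_version(v: str) -> tuple:
    """Turn '22.2.11051.0' into a tuple of ints so builds compare numerically."""
    return tuple(int(p) for p in v.strip().split("."))

def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """Any M-Files Admin build below the fixed version is affected."""
    return parse_version(version) < parse_version(fixed)

def parse_log_line(line: str) -> Dict[str, str]:
    """Parse one 'key=value' audit line (values may be double-quoted).
    This layout is an assumption for the example, not M-Files' real log format."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def flag_suspicious_config_changes(lines: List[str]) -> List[Dict[str, str]]:
    """Return ConfigChange events made by a VaultAdmin whose stored value
    looks like script, i.e. the SIEM query the advisory describes."""
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        if ev.get("event") != "ConfigChange" or ev.get("role") != "VaultAdmin":
            continue
        if SCRIPT_PATTERNS.search(ev.get("value", "")):
            hits.append(ev)
    return hits

# Constructed sample audit lines (not real M-Files output).
SAMPLE_LOG = [
    'ts=2021-10-01T09:12:03Z event=ConfigChange user=alice role=VaultAdmin key=VaultDescription value="Finance archive"',
    'ts=2021-10-01T09:15:44Z event=ConfigChange user=bob role=VaultAdmin key=VaultDescription value="<script>alert(1)</script>"',
    'ts=2021-10-01T09:16:10Z event=Login user=bob role=VaultAdmin value="ok"',
    'ts=2021-10-01T09:20:00Z event=ConfigChange user=carol role=User key=Theme value="javascript:void(0)"',
]

if __name__ == "__main__":
    print("vulnerable build:", is_vulnerable("22.1.10500.3"))
    for hit in flag_suspicious_config_changes(SAMPLE_LOG):
        print("suspicious change:", hit["user"], hit["key"], hit["value"])
```

Only the second sample line is reported: the first carries no script markers, the third is a login rather than a configuration change, and the fourth was made by a non-administrator.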
