CVE-2024-27790

CVSS: 7.5 HIGH

📋 TL;DR

This vulnerability in FileMaker Server allows unauthorized access to database records by bypassing transaction validation. It affects organizations that host databases on FileMaker Server and could expose sensitive data stored in those databases.

💻 Affected Systems

Products:
  • FileMaker Server
Versions: before 20.3.2
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects FileMaker Server installations hosting databases. FileMaker Pro clients are not directly affected.

📦 What is this software?

Claris FileMaker Server is the server component of the FileMaker platform. It hosts FileMaker databases for FileMaker Pro, FileMaker Go and WebDirect clients, exposes them through the Data API, and is managed through a web-based Admin Console and Admin API. Because it is the component that holds and serves the data, a flaw in its access checks exposes every database it hosts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing attackers to read, modify, or delete all records in affected FileMaker databases.

🟠 Likely Case

Unauthorized access to sensitive business data, customer information, or proprietary records stored in FileMaker databases.

🟢 If Mitigated

Limited impact if databases contain only non-sensitive data or if additional access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access to FileMaker Server and understanding of FileMaker's transaction system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FileMaker Server 20.3.2

Vendor Advisory: https://support.claris.com/s/answerview?anum=000041674&language=en_US

Restart Required: Yes

Instructions:

1. Download FileMaker Server 20.3.2 from the Claris website.
2. Back up all databases and the server configuration.
3. Run the installer and follow the upgrade prompts.
4. Restart the FileMaker Server services.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to FileMaker Server to only trusted clients and networks.

Database Encryption (all platforms)

Enable FileMaker's built-in encryption for sensitive databases.

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules to limit who can connect to FileMaker Server
  • Enable detailed logging and monitoring for unusual database access patterns
  • Treat these as exposure reduction only: they do not remove the flaw, and upgrading to 20.3.2 or later remains the only fix

🔍 How to Verify

Check if Vulnerable:

Check FileMaker Server version in Admin Console under Help > About FileMaker Server

Check Version:

On server: Check Admin Console or server installation directory for version info

Verify Fix Applied:

Confirm version is 20.3.2 or later in Admin Console
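A version check that applies the criterion stated on this page (fixed in 20.3.2; anything lower is affected). This is an added example, not Claris tooling: it takes the version string as shown in the Admin Console and compares it numerically, so that 20.3.10 is not mistaken for older than 20.3.2 the way a plain string comparison would. The sample version strings are constructed.

```python
"""Compare a FileMaker Server version string against the fixed release.

Added example, not part of the advisory or of FileMaker Server. Paste in the
version text as displayed in the Admin Console; the sample strings below are
constructed for illustration.
"""
import re
from typing import Tuple

# Fix version from the vendor advisory. Per this page, everything below it is affected.
FIXED_VERSION = (20, 3, 2)


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the first dotted numeric version found in text as a tuple of ints.

    'FileMaker Server 20.3.1.31' -> (20, 3, 1, 31); a trailing build number is kept.
    """
    match = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(text: str) -> bool:
    """True when the major.minor.patch of the parsed version is below 20.3.2.

    Only the first three components are compared; a missing patch number
    (e.g. '20.3') is treated as 0. Tuple comparison is numeric, so
    (20, 3, 10) correctly sorts after (20, 3, 2).
    """
    version = parse_version(text)[:3]
    version = version + (0,) * (3 - len(version))
    return version < FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample inputs, not real hosts.
    for sample in ("FileMaker Server 20.3.1.31", "FileMaker Server 20.3.2", "FileMaker Server 20.3.10"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample}: {state}")
```

Run it on the host or paste the Admin Console string into it; a result of "fixed" only means the version is at or above the fix release, so confirm the services were actually restarted after the upgrade.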

📡 Detection & Monitoring

Log Indicators:

  • Unusual transaction patterns
  • Failed authentication attempts followed by successful data access
  • Access from unexpected IP addresses

Network Indicators:

  • Unusual traffic to FileMaker Server ports (5003, 16000, 16001)
  • Multiple rapid transaction requests

SIEM Query:

source="filemaker-server" AND (event_type="transaction_error" OR auth_failure=1)
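The log and network indicators above, implemented as a small detector run over sample log lines. This is an added example, not part of the page or of any Claris product: the line layout ('timestamp,client_ip,account,event,outcome') is constructed for the example, so adapt parse_line() to your actual FileMaker Server log export; the trusted network range, the ten-minute window and the burst threshold are assumptions to tune per environment. The sample log data is constructed.

```python
"""Detect the page's indicators over FileMaker Server-style log lines.

Added example; the log format, trusted ranges and thresholds are assumptions.
Real FileMaker Server Event/Access logs use their own layout, so adapt
parse_line() to your export. Sample data below is constructed, not real.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Deque, Dict, List, Tuple

TRUSTED_NETS = [ip_network("10.0.0.0/8")]              # assumed trusted client ranges
AUTH_TO_ACCESS_WINDOW = timedelta(minutes=10)             # assumed window for indicator 2
BURST_COUNT, BURST_WINDOW = 20, timedelta(seconds=5)      # assumed burst threshold

# Constructed sample: 25 requests in 2.5 seconds from one untrusted client.
BURST_LINES = "".join(
    f"2024-04-01T09:20:{i // 10:02d}.{i % 10}00000,198.51.100.9,svc,record_read,success\n"
    for i in range(25)
)

SAMPLE_LOG = """\
2024-04-01T09:00:01,10.1.2.3,alice,auth,success
2024-04-01T09:00:05,10.1.2.3,alice,record_read,success
2024-04-01T09:10:00,203.0.113.7,admin,auth,failure
2024-04-01T09:10:02,203.0.113.7,admin,auth,failure
2024-04-01T09:10:09,203.0.113.7,guest,record_read,success
""" + BURST_LINES


def parse_line(line: str) -> Tuple[datetime, str, str, str, str]:
    """Split one constructed log line into (timestamp, ip, account, event, outcome)."""
    ts, ip, account, event, outcome = line.strip().split(",")
    return datetime.fromisoformat(ts), ip, account, event, outcome


def detect(log_text: str) -> Dict[str, List[str]]:
    """Return {indicator_name: [details, ...]} for every indicator that fired."""
    hits: Dict[str, List[str]] = defaultdict(list)
    last_auth_failure: Dict[str, datetime] = {}
    recent_requests: Dict[str, Deque[datetime]] = defaultdict(deque)

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, event, outcome = parse_line(line)

        # Indicator: access from an address outside the trusted ranges (reported once per IP).
        if not any(ip_address(ip) in net for net in TRUSTED_NETS) and ip not in hits["untrusted_source"]:
            hits["untrusted_source"].append(ip)

        if event == "auth":
            if outcome == "failure":
                last_auth_failure[ip] = ts
            else:
                # A later successful login explains subsequent access; only
                # data access with no successful auth in between is suspicious.
                last_auth_failure.pop(ip, None)
            continue

        # Indicator: failed authentication followed by successful data access.
        failed_at = last_auth_failure.get(ip)
        if outcome == "success" and failed_at is not None and ts - failed_at <= AUTH_TO_ACCESS_WINDOW:
            hits["auth_failure_then_access"].append(f"{ip} as {account}")
            del last_auth_failure[ip]  # report each failure-then-access sequence once

        # Indicator: burst of rapid requests from one client (sliding window).
        window = recent_requests[ip]
        window.append(ts)
        while window and ts - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) >= BURST_COUNT and ip not in hits["rapid_requests"]:
            hits["rapid_requests"].append(ip)

    return dict(hits)


if __name__ == "__main__":
    for name, details in detect(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(details)}")
```

The "failure then access" rule deliberately resets when a login later succeeds, otherwise every mistyped password would page you; what you want to see is data access from a client that never authenticated successfully, which is the pattern an access-check bypass produces.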

🔗 References

  • Claris security advisory: https://support.claris.com/s/answerview?anum=000041674&language=en_US