FMS, privilege escalation
-
1 min read
I have identified a privilege escalation vulnerability in FileMaker Server for all platforms (macOS, Windows, Ubuntu)
This vulnerability allows an attacker, that has the most limited access to a remote database, hosted on FileMaker Server, to get full access privileges, with access to all data from all tables of the remote database, including the ability to edit scripts in Scripts Workspace and edit any Layout and edit any data in any table.
I reported the problem through Apple’s Security Bounty program, and it was fixed. and generated CVE-2024-23202. I don’t know why this CVE hasn’t been published yet. I’m in the process of updating this article, I’ll post more details about the problem soon.
Stay tuned.