CVE-2023-42954

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.

Published: Mar 22, 2024
Updated: May 4, 2025
CVE: CVE-2023-42954
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
claris / filemaker_server	-	20.3.1

https://support.claris.com/s/answerview?anum=000041424&language=en_US

Vulnerability Database

CVE-2023-42954