Claris Filemaker Server
8 CVEs affecting Claris Filemaker Server. Latest disclosed: 2026-02-24. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-46295 | Critical | 9.8 | 2025-12-16 | Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substi… |
CVE-2024-27790 | High | 7.5 | 2024-05-14 | Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue ha… |
CVE-2025-46320 | Medium | 6.1 | 2026-02-24 | A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerabi… |
CVE-2024-27794 | Medium | 6.1 | 2024-04-15 | Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the F… |
CVE-2025-46296 | Medium | 5.4 | 2025-12-16 | An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features s… |
CVE-2025-46294 | Medium | 5.3 | 2025-12-16 | To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCrea… |
CVE-2023-42955 | Medium | 4.9 | 2024-05-14 | Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console… |
CVE-2023-42954 | Medium | 4.9 | 2024-03-21 | A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console… |