Claris

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-43685 1Claris 1Filemaker Cloud May 14, 2026 May 12, 2026 N/A· v4 7.2 HIGH· v3 N/A· v2 A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connec...Show more A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.Show less
CVE-2026-43680 1Claris 1Filemaker Cloud May 14, 2026 May 12, 2026 N/A· v4 7.2 HIGH· v3 N/A· v2 A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands o...Show more A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5.Show less
CVE-2025-46320 1Claris 1Filemaker Server Feb 25, 2026 Feb 24, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and...Show more A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.Show less
CVE-2025-46296 1Claris 1Filemaker Server Dec 23, 2025 Dec 16, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application lo...Show more An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4.Show less
CVE-2025-46295 1Claris 1Filemaker Server Dec 23, 2025 Dec 16, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions...Show more Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.Show less
CVE-2025-46294 1Claris 1Filemaker Server Dec 23, 2025 Dec 16, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from us...Show more To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This vulnerability has been fully addressed in FileMaker Server 22.0.4. The IIS Shortname Vulnerability exploits how Microsoft IIS handles legacy 8.3 short filenames, allowing attackers to infer the existence of files or directories by crafting requests with the tilde (~) character.Show less
CVE-2024-27790 1Claris 1Filemaker Server Dec 9, 2024 May 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transac...Show more Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.Show less
CVE-2023-42955 1Claris 1Filemaker Server Dec 10, 2024 May 14, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in Fil...Show more Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the Node.js socket.Show less
CVE-2024-27794 1Claris 1Filemaker Server Dec 11, 2024 Apr 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was reso...Show more Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page.Show less
CVE-2023-42954 1Claris 2Claris Pro Filemaker Server Dec 9, 2024 Mar 21, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in File...Show more A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests.Show less
CVE-2023-42920 1Claris 2Claris Pro Filemaker Pro Mar 26, 2025 Mar 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
CVE-2021-44147 1Claris 2Filemaker Pro Filemaker Server Nov 21, 2024 Nov 22, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forger...Show more An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.Show less
CVE-2014-8347 1Claris 2Filemaker Pro Filemaker Pro Advanced Nov 21, 2024 Feb 11, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.