Claris Filemaker Server — known CVE vulnerabilities
Every CVE whose affected-product data names Claris Filemaker Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-46295 — CVSS 9.8 (critical): Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input…
CVE-2024-27790 — CVSS 7.5 (high): Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker…
CVE-2025-46320 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code…
CVE-2024-27794 — CVSS 6.1 (medium): Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly…
CVE-2021-44147 — CVSS 5.5 (medium): An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose…
CVE-2025-46296 — CVSS 5.4 (medium): An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access…
CVE-2025-46294 — CVSS 5.3 (medium): To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting…
CVE-2023-42954 — CVSS 4.9 (medium): A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in…
CVE-2023-42955 — CVSS 4.9 (medium): Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in…