CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed
Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been resolved in FileMaker Server version 20.3.2.
Vulnerability Details
CVE-2024-27790 stems from improper transaction validation in FileMaker Server. The flaw could have allowed attackers to access records they were not authorized to view or modify.
The vulnerability was discovered and responsibly reported to Claris by security researcher Alexey Dubov.
Who’s at Risk
Any organization using FileMaker Server to host databases that contain sensitive information could have been at risk before installing the patch. FileMaker software is used in a wide range of industries, including healthcare, finance, and education, making the vulnerability potentially far-reaching.
Urgent Patch Recommended
Claris strongly urges all FileMaker Server administrators to install the 20.3.2 update as soon as possible. Claris also recommends updating any FileMaker Pro client software, as it interacts with the vulnerable server component.
Protect Your Data: Act Now
Database security is essential. If you use FileMaker Server, don’t delay in applying this patch. Stay vigilant about future updates and adhere to best practices in database administration to safeguard your organization’s data.