CVE Daily
← All tags

Tag: FileMaker Platform

All CVEs associated with "FileMaker Platform". Page 1/1 • 22 CVEs.

About “FileMaker Platform”

A curated feed of “FileMaker Platform”-related CVEs appears below. We currently track 22 CVEs for this tag (all time). In the last 365 days, 6 were published. Average CVSS is 6.2 (all time; 6.8 over 365d), and 41% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: filemaker

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
2025-
2024- Soon
2023- Expired
19.6- Expired
19.5- Expired
19.4- Expired
19.3- Expired
19.2- Expired
19.1- Expired
19- Expired
18- Expired
17- Expired
16- Expired
15- Expired
14- Expired
13- Expired
12- Expired
11- Expired
10- Expired
9- Expired
8- Expired
7- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “FileMaker Platform”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-12
High

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External OD…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operat…

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2026-02-24
Medium

CVE-2025-46320

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMak…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-12-16
Medium

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downl…

CVSS: 5.4 CWE: CWE-285 - Improper Authorization View on NVD
Critical

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators c…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This preve…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2024-05-14
High

CVE-2024-27790

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-42955

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue…

CVSS: 4.9 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2024-04-15
Medium

CVE-2024-27794

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The v…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-03-21
Medium

CVE-2023-42954

A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue h…

CVSS: 4.9 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2024-03-19
High

CVE-2023-42920

Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2021-11-22
Medium

CVE-2021-44147

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform serve…

CVSS: 5.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2020-02-11
High

CVE-2014-8347

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevat…

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
2016-05-14
High

CVE-2016-1208

The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-09-22
Medium

CVE-2014-5322

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via u…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-5321

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via…

CVSS: 5.8 CWE: CWE-310 View on NVD
2013-06-10
Medium

CVE-2013-3640

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via u…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2013-2319

FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via…

CVSS: 5.8 CWE: CWE-310 View on NVD
2007-11-23
Medium

CVE-2007-6104

Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2000-05-02
Medium

CVE-2000-0385

FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2000-0386

FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.

CVSS: 7.5 CWE: N/A View on NVD
2000-02-01
High

CVE-2000-0123

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

CVSS: 7.5 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox