18 mins

Claris Support

Running FileMaker Server in a Docker container for Ubuntu 20.04

Source: https://support.claris.com/s/article/Running-FileMaker-Server-in-a-Docker-container-for-Ubuntu-20-04?language=en_US Claris Engineering Blog August 1, 2022 Updates: This engineering blog describes why you might want to use Claris FileMaker Server with Docker and how to set up a Docker image containing FileMaker Server. You can set up FileMaker Server in a Docker container as a primary or secondary machine to deploy your database.

6 mins

Dimitris Kokoutsidis

Claris FileMaker Vulnerabilities

Source: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=FileMaker There are 16 CVE Records that match FileMaker in MITRE database. There is another CVE for 2024, CVE-2024-23202, as mentioned in https://cyberfm.eu/fms-privilege-escalation/ and https://fm-security.com/posts/priv_esc/ that is not published yet. Name Description CVE-2024-27794 Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker

31 mins

Dimitris Kokoutsidis

In-Depth Scenarios Illustrating NIS 2 Implications for Manufacturing Companies Using FileMaker

Ensuring Cyber Resilience in Manufacturing: Navigating NIS 2 Requirements with FileMaker Solutions Dimitris Kokoutsidis, Oct 16, 2024, CyberFM Understanding the practical implications of the NIS 2 Directive is crucial for manufacturing companies that rely on FileMaker solutions. The following detailed scenarios illustrate potential risks and challenges that such companies may face, along with the obligations

7 mins

Christian Schmitz

Security tidbits for FileMaker

Essential Security Tips for Protecting Your FileMaker Solutions Source: https://www.mbsplugins.de/archive/2024-10-14/Security_tidbits_for_FileMaker/monkeybreadsoftware_blog_filemaker We talked about various things at the FileMaker conference in Rome and security is a concern for everyone. Especially as scripted attacks got frequently. Rename Admin Have you ever put a FileMaker Server on the internet? You may note that people knowing your address try

32 mins

Dimitris Kokoutsidis

How does the EU AI Act affect FileMaker Developers?

Dimitris Kokoutsidis, Oct 9, 2024, CyberFM Menu Key Provisions of the EU AI Act 1. Risk-Based Classification System To top The EU AI Act categorizes AI systems into four risk levels based on their potential impact on individuals’ safety and fundamental rights: 2. Transparency and Disclosure AI systems must meet transparency obligations to ensure users

21 mins

David Hamann

FileMaker Server Admin Console: Access and Role Restriction Issues

Uncovering Access and Role Restriction Vulnerabilities in the FileMaker Server Admin Console Source: https://davidhamann.de/2024/10/09/fms-bypassing-restrictions/ With a few security features added to the FileMaker Server Admin Console in the last few versions, I decided to play around with them to see how they are implemented. In this article I want to highlight three of the issues

23 mins

Dimitris Kokoutsidis

How NIS 2 Affects FileMaker Developers: A Comprehensive Guide to Compliance and Best Practices

Navigating NIS 2 Compliance for FileMaker Developers: Key Impacts, Practical Steps, and Proactive Security Strategies Dimitris Kokoutsidis, Oct 9, 2024, CyberFM The European Union’s NIS 2 Directive represents a significant overhaul of the cybersecurity landscape, aiming to strengthen the resilience of critical infrastructure and essential services across member states. As a FileMaker developer, it’s crucial

12 mins

Dimitris Kokoutsidis

FileMaker IT Auditing Procedure

Dimitris Kokoutsidis, Sept 26, 2024, CyberFM 1. Audit Overview Objective:The goal of an audit is to ensure the reliability, security, and operational effectiveness of the FileMaker solution. The audit process involves identifying potential points of failure or security risks in the system and addressing them proactively. Process: Documentation Tips:Maintain both physical and digital copies of

8 mins

Dimitris Kokoutsidis

In-Depth Analysis: The Flaws of Relying on Startup Scripts for Security in FileMaker

Dimitris Kokoutsidis, Oct 6, 2024, CyberFM Menu: Understanding the Weakness of Startup Scripts as a Security Measure: The Illusion of Security with Startup Scripts: The Role of Script Debugger in Exploiting Startup Scripts: Full Access Account Reinsertion via Decompilation: The Critical Importance of Encryption and Robust Account Management: Encryption as the First Line of Defense:

68 mins

Dimitris Kokoutsidis

Understanding the OWASP Top 10 Vulnerabilities for Large Language Model Applications

Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Introduction In the rapidly evolving landscape of artificial intelligence, Large Language Models (LLMs) like GPT-4 have become integral to numerous applications, including chatbots, virtual assistants, content generation, and more. While these models offer remarkable capabilities, they also introduce a new set of security challenges that must be addressed to

1 mins

Alexey Dubov

FMS, privilege escalation

CVE macOS, Windows, Ubuntu FileMaker Server CVE-2024-23202 Source: https://fm-security.com/posts/priv_esc/ I have identified a privilege escalation vulnerability in FileMaker Server for all platforms (macOS, Windows, Ubuntu) This vulnerability allows an attacker, that has the most limited access to a remote database, hosted on FileMaker Server, to get full access privileges, with access to all data from all tables

18 mins

Alexey Dubov

FMS, bypass authorisation

Bypass authorization of FileMaker Server or “there is no such category” Source: https://fm-security.com/posts/bypass_auth/ CVE FileMaker Server CVE-2024-27790 Menu Introduction In the summer of 2023, I decided to investigate the internal communication protocol between FileMaker clients and the server. This led to the discovery of perhaps the most significant vulnerability in the platform’s history. I discovered that it

35 mins

Doug Wallis

The developer’s edge Claris FileMaker 2024 security features

Jasper Schoonackers (Lesterius), Doug Wallis, and Sangita Banerjee (Claris) , Claris Community Live 6 Data breaches and cyber threats are becoming increasingly sophisticated, the security of your database systems is more critical than ever. Claris FileMaker 2024 introduces a comprehensive suite of new security features and enhancements designed to help developers, administrators, and organizations protect

18 mins

Claris Support

Running FileMaker Server in a Docker container for Ubuntu 20.04

Claris Support The Linux’s FileMaker server installer now have a docker folder which contains a bunch of script to build and deploy a FileMaker Server on docker. You can rely on it instead of the article. Source: https://support.claris.com/s/article/Running-FileMaker-Server-in-a-Docker-container-for-Ubuntu-20-04?language=en_US Claris Engineering Blog August 1, 2022 Updates: This engineering blog describes why you might want to use

72 mins

David Hamann

Exploring the fmp12 file format; or: what was my password again?

Decoding the fmp12 File Format: A Deep Dive into Passwords and Account Security Source: https://davidhamann.de/2024/06/17/how-does-filemaker-store-passwords/ Introduction On This Page I had been planning for a while to dive deeper into the fmp12 file format to explore how data is organized and how accounts and passwords are stored. A few months ago, I finally found the