6 mins

Dimitris Kokoutsidis

Claris FileMaker Vulnerabilities

Source: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=FileMaker There are 16 CVE Records that match FileMaker in MITRE database. There is another CVE for 2024, CVE-2024-23202, as mentioned in https://cyberfm.eu/fms-privilege-escalation/ and https://fm-security.com/posts/priv_esc/ that is not published yet. Name Description CVE-2024-27794 Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker

31 mins

Dimitris Kokoutsidis

In-Depth Scenarios Illustrating NIS 2 Implications for Manufacturing Companies Using FileMaker

Ensuring Cyber Resilience in Manufacturing: Navigating NIS 2 Requirements with FileMaker Solutions Dimitris Kokoutsidis, Oct 16, 2024, CyberFM Understanding the practical implications of the NIS 2 Directive is crucial for manufacturing companies that rely on FileMaker solutions. The following detailed scenarios illustrate potential risks and challenges that such companies may face, along with the obligations

32 mins

Dimitris Kokoutsidis

How does the EU AI Act affect FileMaker Developers?

Dimitris Kokoutsidis, Oct 9, 2024, CyberFM Menu Key Provisions of the EU AI Act 1. Risk-Based Classification System To top The EU AI Act categorizes AI systems into four risk levels based on their potential impact on individuals’ safety and fundamental rights: 2. Transparency and Disclosure AI systems must meet transparency obligations to ensure users

21 mins

David Hamann

FileMaker Server Admin Console: Access and Role Restriction Issues

Uncovering Access and Role Restriction Vulnerabilities in the FileMaker Server Admin Console Source: https://davidhamann.de/2024/10/09/fms-bypassing-restrictions/ With a few security features added to the FileMaker Server Admin Console in the last few versions, I decided to play around with them to see how they are implemented. In this article I want to highlight three of the issues

23 mins

Dimitris Kokoutsidis

How NIS 2 Affects FileMaker Developers: A Comprehensive Guide to Compliance and Best Practices

Navigating NIS 2 Compliance for FileMaker Developers: Key Impacts, Practical Steps, and Proactive Security Strategies Dimitris Kokoutsidis, Oct 9, 2024, CyberFM The European Union’s NIS 2 Directive represents a significant overhaul of the cybersecurity landscape, aiming to strengthen the resilience of critical infrastructure and essential services across member states. As a FileMaker developer, it’s crucial

8 mins

Dimitris Kokoutsidis

In-Depth Analysis: The Flaws of Relying on Startup Scripts for Security in FileMaker

Dimitris Kokoutsidis, Oct 6, 2024, CyberFM Menu: Understanding the Weakness of Startup Scripts as a Security Measure: The Illusion of Security with Startup Scripts: The Role of Script Debugger in Exploiting Startup Scripts: Full Access Account Reinsertion via Decompilation: The Critical Importance of Encryption and Robust Account Management: Encryption as the First Line of Defense:

68 mins

Dimitris Kokoutsidis

Understanding the OWASP Top 10 Vulnerabilities for Large Language Model Applications

Dimitris Kokoutsidis, Sept 26, 2024, CyberFM Introduction In the rapidly evolving landscape of artificial intelligence, Large Language Models (LLMs) like GPT-4 have become integral to numerous applications, including chatbots, virtual assistants, content generation, and more. While these models offer remarkable capabilities, they also introduce a new set of security challenges that must be addressed to

18 mins

Alexey Dubov

FMS, bypass authorisation

Bypass authorization of FileMaker Server or “there is no such category” Source: https://fm-security.com/posts/bypass_auth/ CVE FileMaker Server CVE-2024-27790 Menu Introduction In the summer of 2023, I decided to investigate the internal communication protocol between FileMaker clients and the server. This led to the discovery of perhaps the most significant vulnerability in the platform’s history. I discovered that it

14 mins

Alexey Dubov

FileMaker, dylib hijacking

Understanding the Risks and Mitigations of dylib Hijacking in macOS FileMaker Pro CVE-2023-42920 Source: https://fm-security.com/posts/dylib/ CVE macOS FileMaker Pro CVE-2023-42920 Menu Introduction The dylib hijacking vulnerability for macOS is well known and studied. But from a FileMaker developer’s point of view, I have not seen any analysis of this problem. I will begin a little bit from afar. Embedding into someone else’s

27 mins

Richard Carlton

Long Distance Upgrades in FileMaker

Richard Carlton, Jul 30, 2024, FileMaker Training Videos Menu Introduction to FileMaker Upgrades To top Upgrading FileMaker to its latest version is a decision that many organizations delay, often due to concerns about cost, downtime, or compatibility. However, running an outdated version of FileMaker comes with several risks, including slower performance, security vulnerabilities, and compatibility

35 mins

Doug Wallis

The developer’s edge Claris FileMaker 2024 security features

Jasper Schoonackers (Lesterius), Doug Wallis, and Sangita Banerjee (Claris) , Claris Community Live 6 Data breaches and cyber threats are becoming increasingly sophisticated, the security of your database systems is more critical than ever. Claris FileMaker 2024 introduces a comprehensive suite of new security features and enhancements designed to help developers, administrators, and organizations protect

18 mins

Doug Wallis

Security – Why It Pays to Keep Up to Date

Wim Decorte, Doug Wallis, Jun 13, 2024, Claris Community Live 1. Introduction Security in FileMaker development has evolved from a “nice-to-have” feature to an absolute necessity. In the third Claris Community Live event, Rosemary Tietge, along with experts Wim Decorte and Doug Wallis, walked through the most relevant security challenges, solutions, and best practices for

16 mins

Jacob Taylor

FileMaker 2024 Server Q&A with Wim Decorte and Jacob Taylor

Wim Decorte, Jacob Taylor, Jun 11, 2024, In this blog post, we take a deep dive into the FileMaker 2024 Server (also known as FileMaker 21) Q&A session featuring experts Wim Decorte from Soliant Consulting and Jacob Taylor from RCC. This session provided a comprehensive look at FileMaker Server’s latest features, performance optimizations, and essential

32 mins

Richard Carlton

FileMaker Record and Layout Level Access – Controlling Access to the Database

Richard Carlton, Mar 4, 2024, FileMaker Training Videos Menu: Introduction Ensuring the security of your FileMaker database is a critical component of maintaining data integrity and ensuring compliance with industry standards. Properly managing access to records and layouts not only protects sensitive data but also tailors the user experience based on roles and responsibilities. This

41 mins

Wim Decorte

Are You Confident in Your FileMaker App’s Security?

Wim Decorte, Claris Engage 2024 As the complexity of digital ecosystems continues to evolve, ensuring the security of the applications we build has never been more important. With the increasing sophistication of attacks, even a small oversight can lead to catastrophic results such as data breaches, fines, or damage to reputation. This blog post delves