CVE-2021-41807
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| M-Files | M-Files Server | Online < 21.12.10873.0 | affected |
| M-Files | M-Files Server | 2018 < 21.12.10873.0 | affected |
| M-Files | M-Files Web | Classic < 21.12.10873.0 | affected |
| M-Files | M-Files Web | vNext < 21.12.10873.0 | affected |
Weaknesses
- CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CVE Program Container
Additional References
References
- https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41807/
- https://empower.m-files.com/security-advisories/CVE-2021-41807
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.