CVE-2021-41807

Summary

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.

Affected Software

VendorProductVersion RangeStatus
M-FilesM-Files ServerOnline < 21.12.10873.0affected
M-FilesM-Files Server2018 < 21.12.10873.0affected
M-FilesM-Files WebClassic < 21.12.10873.0affected
M-FilesM-Files WebvNext < 21.12.10873.0affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

References