CVE-2023-6912

Summary

Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.

Affected Software

VendorProductVersion RangeStatus
M-Files CorporationM-Files Server0 < 23.12.13205.0affected
M-Files CorporationM-Files Server23.2 LTS SR6unaffected
M-Files CorporationM-Files Server23.8 LTS SR4unaffected

Weaknesses

  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

References