CVE-2023-6912
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| M-Files Corporation | M-Files Server | 0 < 23.12.13205.0 | affected |
| M-Files Corporation | M-Files Server | 23.2 LTS SR6 | unaffected |
| M-Files Corporation | M-Files Server | 23.8 LTS SR4 | unaffected |
Weaknesses
- CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CVE Program Container
Additional References
References
- https://product.m-files.com/security-advisories/cve-2023-6912/
- https://empower.m-files.com/security-advisories/CVE-2023-6912
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.