← back
CVE-2021-41807

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.

CVSS 7.5 HIGHEPSS 1.1%CWE-307
Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
M-Files · M-Files ServerM-Files · M-Files Web

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://empower.m-files.com/security-advisories/CVE-2021-41807https://www.m-files.com/about/trust-center/security-vulnerabilities/cve-2021-41807/