PT-2022-11487 · M Files · M-Files Server+1

Murat Aydemir · Published 2022-01-18 · Updated 2026-02-23 · CVE-2021-41807

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

M-Files Server versions prior to 21.12.10873.0
M-Files Web versions prior to 21.12.10873.0

Description

The issue is related to a lack of rate limiting for certain types of user accounts, which allows an unlimited number of login attempts and makes it easier for attackers to brute-force login accounts.

Recommendations

For M-Files Server versions prior to 21.12.10873.0, update to version 21.12.10873.0 or later.
For M-Files Web versions prior to 21.12.10873.0, update to version 21.12.10873.0 or later.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2021-41807

Affected Products

M-Files Server
M-Files Web