About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Product information and downloads/Security advisories

CVE-2021-41807 Lack of rate limiting

2022-01-17

Description

Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain type of user accounts.

Affected products

M-Files Server version before 21.12.10873.0 M-Files Web version before 21.12.10873.0

More information

Lack of rate limiting in certain type of user accounts allows unlimited amount of attempts and therefore makes brute-forcing login accounts easier. Vulnerability was found by an external security researcher. M-Files would like to thank Murat Aydemir from Accenture Cyber Security Team (Prague CFC) for bringing this to our attention. CWE: CWE-307

On this page
Description
Affected products
More information
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions