CVE-2021-41807: 
M-Files Server vulnerability analysis and mitigation

A vulnerability identified as CVE-2021-41807 was discovered in M-Files Server and M-Files Web products affecting versions prior to 21.12.10873.0. The vulnerability was initially recorded on September 29, 2021, and involves a lack of rate limiting in certain types of user accounts (CVE Details).

The vulnerability is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts). According to the National Vulnerability Database, it received a CVSS v3.1 base score of 9.8 (CRITICAL) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The M-Files Corporation assigned a slightly lower CVSS score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows unlimited authentication attempts on certain types of user accounts, which significantly increases the risk of successful brute-force attacks against login credentials (NVD).

The vulnerability has been addressed in M-Files Server and M-Files Web products version 21.12.10873.0 and later. Users are advised to upgrade to this version or newer to mitigate the security risk (NVD).