CVE-2023-6912
HIGHM-Files Server < 23.12.13205.0 - Unauthenticated Brute Force Attack via Unlimited Authentication Attempts
Title source: llmDescription
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
References (3)
Core 3
Core References
Various Sources vendor-advisory
https://empower.m-files.com/security-advisories/CVE-2023-6912
Various Sources vendor-advisory
https://product.m-files.com/security-advisories/cve-2023-6912/
Scores
CVSS v3
7.5
EPSS
0.0097
EPSS Percentile
57.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-307
Status
published
Products (1)
m-files/m-files_server
< 23.12.13205.0
Published
Dec 20, 2023
Tracked Since
Feb 18, 2026