CVE-2021-41808 LOW

CVE-2021-41808: In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs.

Vendor M-Files
Product M-Files Server
Weakness CWE-532 · Sensitive info in logs
Published January 18, 2022
Last update February 23, 2026

CVSS base score

2.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.

Key dates

02Disclosure timeline

January 18, 2022 CVE published
February 23, 2026 Record updated