Search criteria
33 vulnerabilities by mbconnectline
CVE-2023-4834 (GCVE-0-2023-4834)
Vulnerability from cvelistv5 – Published: 2023-10-16 08:40 – Updated: 2024-09-16 18:17
VLAI?
Summary
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
Severity ?
4.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Lion Europe | mbCONNECT24 |
Affected:
0 , ≤ 2.14.2
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:16:53.810599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:17:07.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T08:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
}
],
"value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:59:23.795Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
}
],
"source": {
"defect": [
"CERT@VDE#64587"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4834",
"datePublished": "2023-10-16T08:40:13.064Z",
"dateReserved": "2023-09-08T07:54:38.764Z",
"dateUpdated": "2024-09-16T18:17:07.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1779 (GCVE-0-2023-1779)
Vulnerability from cvelistv5 – Published: 2023-06-06 10:07 – Updated: 2025-01-07 19:19
VLAI?
Summary
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB Connect Line | mbCONNECT24 |
Affected:
1.0.0 , ≤ 2.13.3
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Helmholz GmbH & Co. KG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T19:17:38.403913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:19:11.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Helmholz GmbH \u0026 Co. KG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
}
],
"value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:30:25.424Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
}
],
"source": {
"advisory": "VDE-2023-002",
"defect": [
"CERT@VDE#64404"
],
"discovery": "UNKNOWN"
},
"title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1779",
"datePublished": "2023-06-06T10:07:35.354Z",
"dateReserved": "2023-03-31T13:00:50.757Z",
"dateUpdated": "2025-01-07T19:19:11.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0985 (GCVE-0-2023-0985)
Vulnerability from cvelistv5 – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20
VLAI?
Summary
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
Severity ?
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB Connect Line | mbCONNECT24 |
Affected:
1.0.0 , ≤ 2.13.3
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Hussein Alsharafi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:45.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T19:19:39.189272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:20:21.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hussein Alsharafi"
}
],
"datePublic": "2023-05-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T10:06:48.102Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"source": {
"advisory": "VDE-2023-002",
"defect": [
"CERT@VDE#64404"
],
"discovery": "UNKNOWN"
},
"title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-0985",
"datePublished": "2023-06-06T10:06:48.102Z",
"dateReserved": "2023-02-23T14:11:49.473Z",
"dateUpdated": "2025-01-07T19:20:21.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22520 (GCVE-0-2022-22520)
Vulnerability from cvelistv5 – Published: 2022-09-14 14:05 – Updated: 2024-09-17 04:14
VLAI?
Summary
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2 , ≤ 2.11.2
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz & MB connect line.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Version 2.12.1"
}
],
"source": {
"advisory": "VDE-2022-011",
"discovery": "EXTERNAL"
},
"title": "User enumeration vulnerability in MB connect line and Helmholz products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2022-22520",
"STATE": "PUBLIC",
"TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-011",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Version 2.12.1"
}
],
"source": {
"advisory": "VDE-2022-011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22520",
"datePublished": "2022-09-14T14:05:30.024889Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:14:21.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34580 (GCVE-0-2021-34580)
Vulnerability from cvelistv5 – Published: 2021-10-27 10:25 – Updated: 2024-09-17 01:41
VLAI?
Summary
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Severity ?
7.5 (High)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.9.0 , ≤ 2.9.0
(custom)
|
|||||||
|
|||||||||
Credits
LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.9.0",
"status": "affected",
"version": "2.9.0",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.9.0",
"status": "affected",
"version": "2.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T10:25:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.10.1"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
},
"title": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-27T10:00:00.000Z",
"ID": "CVE-2021-34580",
"STATE": "PUBLIC",
"TITLE": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.9.0",
"version_value": "2.9.0"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.9.0",
"version_value": "2.9.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-037/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.10.1"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34580",
"datePublished": "2021-10-27T10:25:09.307226Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T01:41:24.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34575 (GCVE-0-2021-34575)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 22:46
VLAI?
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
Severity ?
7.5 (High)
CWE
- CWE-203 - Information Exposure Through Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.8.0 , ≤ 2.8.0
(custom)
|
|||||||
|
|||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:24:32",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
},
"title": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-34575",
"STATE": "PUBLIC",
"TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34575",
"datePublished": "2021-08-02T10:24:32.820190Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:46:43.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33527 (GCVE-0-2021-33527)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 17:42
VLAI?
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Severity ?
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MB connect line | mbDIALUP |
Affected:
3.9R0.0 , ≤ 3.9R0.0
(custom)
|
Credits
Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:42.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mbDIALUP",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "3.9R0.0",
"status": "affected",
"version": "3.9R0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T09:20:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-33527",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mbDIALUP",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.9R0.0",
"version_value": "3.9R0.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33527",
"datePublished": "2021-08-02T10:24:31.012186Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-16T17:42:36.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34574 (GCVE-0-2021-34574)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14
VLAI?
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
Severity ?
4.3 (Medium)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2 , ≤ 2.11.2
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
},
"title": "Password policy evasion in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2021-34574",
"STATE": "PUBLIC",
"TITLE": "Password policy evasion in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34574",
"datePublished": "2021-08-02T10:24:31.932350Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T18:14:15.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33526 (GCVE-0-2021-33526)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-17 01:56
VLAI?
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MB connect line | mbDIALUP |
Affected:
3.9R0.0 , ≤ 3.9R0.0
(custom)
|
Credits
Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mbDIALUP",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "3.9R0.0",
"status": "affected",
"version": "3.9R0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:24:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
},
"title": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-33526",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mbDIALUP",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.9R0.0",
"version_value": "3.9R0.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33526",
"datePublished": "2021-08-02T10:24:29.999553Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:56:14.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12528 (GCVE-0-2020-12528)
Vulnerability from cvelistv5 – Published: 2021-03-02 21:15 – Updated: 2024-09-16 20:37
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.6.2 , ≤ 2.6.2
(custom)
|
|||||||
|
|||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12528",
"datePublished": "2021-03-02T21:15:25.048098Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:37:38.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12529 (GCVE-0-2020-12529)
Vulnerability from cvelistv5 – Published: 2021-03-02 21:15 – Updated: 2024-09-16 20:42
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
Severity ?
5.8 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.6.2 , ≤ 2.6.2
(custom)
|
|||||||
|
|||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12529",
"datePublished": "2021-03-02T21:15:25.155141Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:42:49.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12530 (GCVE-0-2020-12530)
Vulnerability from cvelistv5 – Published: 2021-03-02 21:15 – Updated: 2024-09-16 19:55
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.6.2 , ≤ 2.6.2
(custom)
|
|||||||
|
|||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12530",
"datePublished": "2021-03-02T21:15:25.258645Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T19:55:41.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12527 (GCVE-0-2020-12527)
Vulnerability from cvelistv5 – Published: 2021-03-02 21:15 – Updated: 2024-09-16 20:43
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2.6.2 , ≤ 2.11.2
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"status": "affected",
"version": "2.11.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T06:10:07",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"title": "Improper Access Validation in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T12:50:00.000Z",
"ID": "CVE-2020-12527",
"STATE": "PUBLIC",
"TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12527",
"datePublished": "2021-03-02T21:15:24.885533Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:43:07.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35561 (GCVE-0-2020-35561)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:49 – Updated: 2024-09-16 18:08
VLAI?
Summary
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
},
"title": "SSRF in variuos products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35561",
"STATE": "PUBLIC",
"TITLE": "SSRF in variuos products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35561",
"datePublished": "2021-02-16T15:49:45.850093Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T18:08:12.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35565 (GCVE-0-2020-35565)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:47 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:47:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35565",
"datePublished": "2021-02-16T15:47:27",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35567 (GCVE-0-2020-35567)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:45 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:45:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35567",
"datePublished": "2021-02-16T15:45:56",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35568 (GCVE-0-2020-35568)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:44 – Updated: 2024-09-17 03:48
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
Severity ?
4.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Information Exposure in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35568",
"STATE": "PUBLIC",
"TITLE": "Sensitive Information Exposure in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35568",
"datePublished": "2021-02-16T15:44:10.164584Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-17T03:48:34.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35559 (GCVE-0-2020-35559)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:42 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:42:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35559",
"datePublished": "2021-02-16T15:42:20",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35566 (GCVE-0-2020-35566)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:40 – Updated: 2024-09-16 22:31
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local file inclusion vulnerability in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35566",
"STATE": "PUBLIC",
"TITLE": "Local file inclusion vulnerability in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35566",
"datePublished": "2021-02-16T15:40:07.656065Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T22:31:00.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35569 (GCVE-0-2020-35569)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:37 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:37:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35569",
"datePublished": "2021-02-16T15:37:53",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35564 (GCVE-0-2020-35564)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:35 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:35:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35564",
"datePublished": "2021-02-16T15:35:21",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35563 (GCVE-0-2020-35563)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:30 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:30:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35563",
"datePublished": "2021-02-16T15:30:20",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35560 (GCVE-0-2020-35560)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:28 – Updated: 2024-08-04 17:09
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:28:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35560",
"datePublished": "2021-02-16T15:28:01",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35558 (GCVE-0-2020-35558)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:26 – Updated: 2024-09-16 20:02
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SSRF in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35558",
"STATE": "PUBLIC",
"TITLE": "SSRF in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35558",
"datePublished": "2021-02-16T15:26:11.394978Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T20:02:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35570 (GCVE-0-2020-35570)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:23 – Updated: 2024-09-16 19:51
VLAI?
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foreced Browsing vulnerability in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35570",
"STATE": "PUBLIC",
"TITLE": "Foreced Browsing vulnerability in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35570",
"datePublished": "2021-02-16T15:23:53.959468Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T19:51:23.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35557 (GCVE-0-2020-35557)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:16 – Updated: 2024-09-16 17:42
VLAI?
Summary
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Access Validation in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35557",
"STATE": "PUBLIC",
"TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35557",
"datePublished": "2021-02-16T15:16:06.296170Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T17:42:40.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24568 (GCVE-0-2020-24568)
Vulnerability from cvelistv5 – Published: 2020-10-02 18:19 – Updated: 2024-08-04 15:19
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:20:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24568",
"datePublished": "2020-10-02T18:19:43",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24570 (GCVE-0-2020-24570)
Vulnerability from cvelistv5 – Published: 2020-09-29 19:44 – Updated: 2024-08-04 15:19
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:24:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24570",
"datePublished": "2020-09-29T19:44:26",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24569 (GCVE-0-2020-24569)
Vulnerability from cvelistv5 – Published: 2020-09-29 19:39 – Updated: 2024-08-04 15:19
VLAI?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:23:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24569",
"datePublished": "2020-09-29T19:39:40",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10384 (GCVE-0-2020-10384)
Vulnerability from cvelistv5 – Published: 2020-04-14 17:08 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T16:31:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10384",
"datePublished": "2020-04-14T17:08:21",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}