RSS   Vulnerabilities for 'Mbconnect24'   RSS

2021-10-27
 
CVE-2021-34580

CWE-203
 

 
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

 
2021-08-02
 
CVE-2021-34574

CWE-669
 

 
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

 
 
CVE-2021-34575

CWE-203
 

 
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.

 
2021-03-02
 
CVE-2020-12530

CWE-79
 

 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.

 
 
CVE-2020-12529

CWE-918
 

 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.

 
 
CVE-2020-12528

CWE-269
 

 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.

 
 
CVE-2020-12527

CWE-269
 

 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to.

 
2021-02-16
 
CVE-2020-35570

CWE-425
 

 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.

 
 
CVE-2020-35569

CWE-79
 

 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.

 
 
CVE-2020-35568

CWE-200
 

 
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.

 


Copyright 2024, cxsecurity.com

 

Back to Top