Vulnerability CVE-2021-34574


Published: 2021-08-02

Description:
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

Type:

CWE-669

(Incorrect Resource Transfer Between Spheres)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Mbconnectline -> Mbconnect24 
Mbconnectline -> Mymbconnect24 

 References:
https://cert.vde.com/de-de/advisories/vde-2021-030

Copyright 2024, cxsecurity.com

 

Back to Top