Lucene search

MitreCVE-2020-10381

HistoryApr 14, 2020 - 5:15 p.m.

CVE-2020-10381

2020-04-1417:15:11

CWE-89

mitre

web.nvd.nist.gov

nvd

cve-2020-10381

sql injection

data24

mb connect line

security issue

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.

Affected configurations

Nvd

Node

mbconnectlinembconnect24Range≤2.5.0

mbconnectlinemymbconnect24Range≤2.5.0

VendorProductVersionCPE
mbconnectlinembconnect24*cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
mbconnectlinemymbconnect24*cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mbconnectline	mbconnect24	*	cpe:2.3:a:mbconnectline:mbconnect24::::::::
mbconnectline	mymbconnect24	*	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

References

mbconnectline.com/security-advice/

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

Related for CVE-2020-10381