CVE-2021-34580

🗓️ 27 Oct 2021 10:25:09Reported by CERTVDEType

mymbCONNECT24 <= 2.9.0 allows unauthenticated user enumeration of valid backend users.

Reporter	Title	Published	Views	Family All 6
CNNVD	MB CONNECT LINE mbCONNECT24和MB CONNECT LINE mymbCONNECT24 安全漏洞	27 Oct 202100:00	–	cnnvd
Cvelist	CVE-2021-34580 Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0	27 Oct 202110:25	–	cvelist
EUVD	EUVD-2021-21230	7 Oct 202500:30	–	euvd
NVD	CVE-2021-34580	27 Oct 202111:15	–	nvd
OSV	CVE-2021-34580	27 Oct 202111:15	–	osv
Prion	Code injection	27 Oct 202111:15	–	prion

NVD

Vulners

Node

mbconnectline mbconnect24Range≤2.9.0

mbconnectline mymbconnect24Range≤2.9.0

[
  {
    "product": "mymbCONNECT24",
    "vendor": "MB connect line",
    "versions": [
      {
        "lessThanOrEqual": "2.9.0",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "mbCONNECT24",
    "vendor": "MB connect line",
    "versions": [
      {
        "lessThanOrEqual": "2.9.0",
        "status": "affected",
        "version": "2.9.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en/advisories/VDE-2021-037/

21 Nov 2024 06:10Current

7.7High risk

Vulners AI Score7.7

CVSS 25

CVSS 3.17.5

EPSS0.00297