Lucene search
+L

487 matches found

CVE
CVE
added 2021/02/16 3:49 p.m.50 views

CVE-2020-35561

Summary of CVE-2020-35561 : In MB connect line products (mymbCONNECT24 and mbCONNECT24) and related Helmholz components, there is a Server-Side Request Forgery (SSRF) vulnerability in the HA module across all versions up to v2.11.2. This allows an unauthenticated attacker to scan for open ports o...

5.3CVSS5.7AI score0.01193EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:49 p.m.13 views

CVE-2020-35561 SSRF in variuos products of MB connect line and Helmholz

An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports...

5.3CVSS5.2AI score0.01193EPSS
Exploits0References3
CVE
CVE
added 2021/02/16 3:47 p.m.46 views

CVE-2020-35565

MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (versions up to 2.6.2) have a login brute-force protection setting that is disabled by default, creating potential unauthorized access risk. Red Hat and CISA advisories summarize this as CVE-2020-35565 with a CVSS v3 base score of 5.9 (C:H/I:N/A:N) an...

9.8CVSS9.3AI score0.01051EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:47 p.m.25 views

CVE-2020-35565

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default...

9.5AI score0.01051EPSS
Exploits0References2
CVE
CVE
added 2021/02/16 3:45 p.m.65 views

CVE-2020-35567

MB connect line MB CONNECT LINE mbCONNECT24 and mymbCONNECT24 (versions up to 2.6.2) expose a shared database password across instances, enabling potential unauthorized access to sensitive data and impact to confidentiality, integrity, and availability (CVE-2020-35567). The issue is part of a bro...

7.8CVSS7.6AI score0.00236EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:44 p.m.32 views

CVE-2020-35568 Sensitive Information Exposure in products of MB connect line and Helmholz

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...

4.3CVSS4.6AI score0.00933EPSS
Exploits0References3
CVE
CVE
added 2021/02/16 3:44 p.m.50 views

CVE-2020-35568

MB Connect Line products mbCONNECT24, mymbCONNECT24, and Helmholz MyREX24/MyREX24.virtual (versions through 2.11.2) are affected by CVE-2020-35568 due to an incomplete filter on a database response that allows an authenticated attacker to gain non-public information about other users and devices ...

4.3CVSS5AI score0.00933EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2021/02/16 3:42 p.m.55 views

CVE-2020-35559

MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (up to version 2.6.2) contain an unused function that allows an authenticated attacker to exhaust all available IPs for an account, preventing creation of new devices and users. This is categorized as Uncontrolled Resource Consumption (CWE-400). The C...

4.3CVSS4.6AI score0.00781EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:42 p.m.16 views

CVE-2020-35559

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...

4.6AI score0.00781EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/02/16 3:40 p.m.23 views

CVE-2020-35566 Local file inclusion vulnerability in products of MB connect line and Helmholz

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...

5.3CVSS5.3AI score0.012EPSS
Exploits0References3
CVE
CVE
added 2021/02/16 3:40 p.m.63 views

CVE-2020-35566

The CVE-2020-35566 issue affects MB connect line products: mymbCONNECT24 (up to v2.11.2), mbCONNECT24, and Helmholz myREX24 / myREX24.virtual (up to v2.11.2). The vulnerability is a Local File Inclusion that enables an attacker to read arbitrary JSON files. Connected sources consistently describe...

5.3CVSS5.7AI score0.012EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2021/02/16 3:37 p.m.43 views

CVE-2020-35569

MB CONNECT LINE MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (affected up to v2.6.2) are vulnerable to a self XSS in the login page via a crafted cookie. The CVE entry CVE-2020-35569 documents this issue; RedHat/CISA and CNVD entries corroborate the XSS vulnerability; the separate ICSA advisory ...

6.1CVSS5.9AI score0.0063EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:37 p.m.21 views

CVE-2020-35569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page...

6AI score0.0063EPSS
Exploits0References2
CVE
CVE
added 2021/02/16 3:35 p.m.48 views

CVE-2020-35564

MB CONNECT LINE’s MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (affected up to v2.6.2) contain an outdated, unused component that allows malicious input of active code. This CVE (CVE-2020-35564) is documented with a CVSS v3 base score of 7.5 (HIGH) and describes remote, unauthenticated risk due ...

7.5CVSS7.5AI score0.00894EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:35 p.m.13 views

CVE-2020-35564

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...

7.6AI score0.00894EPSS
Exploits0References2
CVE
CVE
added 2021/02/16 3:30 p.m.44 views

CVE-2020-35563

CVE-2020-35563 affects MB Connect Line products mymbCONNECT24 and mbCONNECT24 up to version 2.6.2. The issue is an incomplete XSS filter that allows an attacker to inject crafted malicious code into the page. This is documented across multiple connected sources (NVD entry for CVE-2020-35563; Red ...

5.4CVSS5.3AI score0.00505EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:30 p.m.23 views

CVE-2020-35563

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page...

5.3AI score0.00505EPSS
Exploits0References2
CVE
CVE
added 2021/02/16 3:28 p.m.44 views

CVE-2020-35560

The CVE affects MB Connect Line products mbCONNECT24 and mymbCONNECT24 up to version 2.6.2, with an unauthenticated open redirect in redirect.php. Connected sources confirm this is a straightforward open-redirect flaw without documented exploit details in the provided documents. MB connect line m...

6.1CVSS6.3AI score0.00631EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/02/16 3:28 p.m.16 views

CVE-2020-35560

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php...

6.4AI score0.00631EPSS
Exploits0References2
CVE
CVE
added 2021/02/16 3:26 p.m.63 views

CVE-2020-35558

CVE-2020-35558 affects MB connect line products MB CONNECT LINE mymbCONNECT24, mbCONNECT24 and Helmholz myREX24/myREX24.virtual up to version 2.11.2. The issue is a server-side request forgery (SSRF) in the MySQL access check that allows an attacker to scan for open ports and obtain information a...

7.5CVSS7.6AI score0.01479EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder