487 matches found
CVE-2020-35561
Summary of CVE-2020-35561 : In MB connect line products (mymbCONNECT24 and mbCONNECT24) and related Helmholz components, there is a Server-Side Request Forgery (SSRF) vulnerability in the HA module across all versions up to v2.11.2. This allows an unauthenticated attacker to scan for open ports o...
CVE-2020-35561 SSRF in variuos products of MB connect line and Helmholz
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports...
CVE-2020-35565
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (versions up to 2.6.2) have a login brute-force protection setting that is disabled by default, creating potential unauthorized access risk. Red Hat and CISA advisories summarize this as CVE-2020-35565 with a CVSS v3 base score of 5.9 (C:H/I:N/A:N) an...
CVE-2020-35565
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default...
CVE-2020-35567
MB connect line MB CONNECT LINE mbCONNECT24 and mymbCONNECT24 (versions up to 2.6.2) expose a shared database password across instances, enabling potential unauthorized access to sensitive data and impact to confidentiality, integrity, and availability (CVE-2020-35567). The issue is part of a bro...
CVE-2020-35568 Sensitive Information Exposure in products of MB connect line and Helmholz
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...
CVE-2020-35568
MB Connect Line products mbCONNECT24, mymbCONNECT24, and Helmholz MyREX24/MyREX24.virtual (versions through 2.11.2) are affected by CVE-2020-35568 due to an incomplete filter on a database response that allows an authenticated attacker to gain non-public information about other users and devices ...
CVE-2020-35559
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (up to version 2.6.2) contain an unused function that allows an authenticated attacker to exhaust all available IPs for an account, preventing creation of new devices and users. This is categorized as Uncontrolled Resource Consumption (CWE-400). The C...
CVE-2020-35559
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...
CVE-2020-35566 Local file inclusion vulnerability in products of MB connect line and Helmholz
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion...
CVE-2020-35566
The CVE-2020-35566 issue affects MB connect line products: mymbCONNECT24 (up to v2.11.2), mbCONNECT24, and Helmholz myREX24 / myREX24.virtual (up to v2.11.2). The vulnerability is a Local File Inclusion that enables an attacker to read arbitrary JSON files. Connected sources consistently describe...
CVE-2020-35569
MB CONNECT LINE MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (affected up to v2.6.2) are vulnerable to a self XSS in the login page via a crafted cookie. The CVE entry CVE-2020-35569 documents this issue; RedHat/CISA and CNVD entries corroborate the XSS vulnerability; the separate ICSA advisory ...
CVE-2020-35569
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page...
CVE-2020-35564
MB CONNECT LINE’s MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (affected up to v2.6.2) contain an outdated, unused component that allows malicious input of active code. This CVE (CVE-2020-35564) is documented with a CVSS v3 base score of 7.5 (HIGH) and describes remote, unauthenticated risk due ...
CVE-2020-35564
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code...
CVE-2020-35563
CVE-2020-35563 affects MB Connect Line products mymbCONNECT24 and mbCONNECT24 up to version 2.6.2. The issue is an incomplete XSS filter that allows an attacker to inject crafted malicious code into the page. This is documented across multiple connected sources (NVD entry for CVE-2020-35563; Red ...
CVE-2020-35563
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page...
CVE-2020-35560
The CVE affects MB Connect Line products mbCONNECT24 and mymbCONNECT24 up to version 2.6.2, with an unauthenticated open redirect in redirect.php. Connected sources confirm this is a straightforward open-redirect flaw without documented exploit details in the provided documents. MB connect line m...
CVE-2020-35560
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php...
CVE-2020-35558
CVE-2020-35558 affects MB connect line products MB CONNECT LINE mymbCONNECT24, mbCONNECT24 and Helmholz myREX24/myREX24.virtual up to version 2.11.2. The issue is a server-side request forgery (SSRF) in the MySQL access check that allows an attacker to scan for open ports and obtain information a...