2 matches found
CVE-2020-23283
CVE-2020-23283 affects MV mConnect application v02.001.00 and enables information disclosure on the login page, allowing an attacker to determine valid users from the application’s database via brute force. Red Hat and other connected records corroborate the logon-page information disclosure; CNN...
CVE-2020-23282
The CVE-2020-23282 issue is a SQL injection in the login page of MV’s mConnect application (v02.001.00). The root cause is improper input handling on the Logon Page, enabling an attacker to bypass authentication by using a non-existent user with a generic password to access unauthorized informati...