CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35567
https://notcve.org/view.php?id=CVE-2020-35567
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. El software usa una contraseña segura para el acceso a la base de datos, pero esta contraseña es compartida entre instancias • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35568 – Sensitive Information Exposure in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35568
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Un filtro incompleto aplicado a una respuesta de la... • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35559
https://notcve.org/view.php?id=CVE-2020-35559
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Existe una función en desuso que permite a un atacante autenticado usar todas las direcciones IP disponibles de una cuenta y, por lo tanto, no permite la creación d... • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35566 – Local file inclusion vulnerability in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35566
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Un atacante puede leer archivos JSON arbitrarios a través de la inclusión de archivos locales. • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35569
https://notcve.org/view.php?id=CVE-2020-35569
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Se presenta un problema de tipo auto XSS con una cookie diseñada en la página de inicio de sesión • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35564
https://notcve.org/view.php?id=CVE-2020-35564
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Existe un componente obsoleto y sin uso que permite la entrada de código activo por parte de usuarios maliciosos • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35563
https://notcve.org/view.php?id=CVE-2020-35563
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Se presenta un filtro de XSS incompleto que permite a un atacante inyectar código malicioso diseñado en la página • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35560
https://notcve.org/view.php?id=CVE-2020-35560
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Se presenta un redireccionamiento abierto no autenticado en el archivo redirect.php • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35558 – SSRF in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35558
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versión 2.11.2. Hay un SSRF en la en la comprobación de acceso a MySQL, lo que permite a un atacante escanear los... • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0CVE-2020-35570 – Foreced Browsing vulnerability in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35570
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versión 2.11.2. Un atacante no autenticado es capaz de acceder a archivos (que deberían haber sido restringidos) a través de la navegación forzada. • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-425: Direct Request ('Forced Browsing') •