CVE-2020-35564
https://notcve.org/view.php?id=CVE-2020-35564
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2020-35563
https://notcve.org/view.php?id=CVE-2020-35563
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-35560
https://notcve.org/view.php?id=CVE-2020-35560
16 Feb 2021 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in redirect.php. • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-35558 – SSRF in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35558
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-35570 – Forced Browsing vulnerability in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35570
16 Feb 2021 — An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-425: Direct Request ('Forced Browsing') •
CVE-2020-35557 – Improper Access Validation in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35557
16 Feb 2021 — An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged-in user to see devices in the account that they should not have access to, due to improper use of access validation. • https://cert.vde.com/en/advisories/VDE-2021-003 • CWE-269: Improper Privilege Management •
CVE-2020-24568
https://notcve.org/view.php?id=CVE-2020-24568
02 Oct 2020 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. • https://mbconnectline.com/security-advice • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-24570
https://notcve.org/view.php?id=CVE-2020-24570
29 Sep 2020 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. • https://mbconnectline.com/security-advice • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-24569
https://notcve.org/view.php?id=CVE-2020-24569
29 Sep 2020 — An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged-in attackers to discover arbitrary information. • https://mbconnectline.com/security-advice • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-10384
https://notcve.org/view.php?id=CVE-2020-10384
14 Apr 2020 — An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account. • https://cert.vde.com/de-de/advisories/vde-2021-003 • CWE-269: Improper Privilege Management •