CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35564
https://notcve.org/view.php?id=CVE-2020-35564
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Existe un componente obsoleto y sin uso que permite la entrada de código activo por parte de usuarios maliciosos • https://cert.vde.com/de-de/advisories/vde-2021-003 https://mbconnectline.com/security-advice • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35563
https://notcve.org/view.php?id=CVE-2020-35563
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Se presenta un filtro de XSS incompleto que permite a un atacante inyectar código malicioso diseñado en la página • https://cert.vde.com/de-de/advisories/vde-2021-003 https://mbconnectline.com/security-advice • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35560
https://notcve.org/view.php?id=CVE-2020-35560
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php. Se detectó un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2. Se presenta un redireccionamiento abierto no autenticado en el archivo redirect.php • https://cert.vde.com/de-de/advisories/vde-2021-003 https://mbconnectline.com/security-advice • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35558 – SSRF in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35558
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versión 2.11.2. Hay un SSRF en la en la comprobación de acceso a MySQL, lo que permite a un atacante escanear los puertos abiertos y obtener alguna información sobre posibles credenciales • https://cert.vde.com/en/advisories/VDE-2021-003 https://cert.vde.com/en/advisories/VDE-2022-039 https://mbconnectline.com/security-advice • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35570 – Foreced Browsing vulnerability in products of MB connect line and Helmholz
https://notcve.org/view.php?id=CVE-2020-35570
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. Se detectó un problema en la línea de conexión MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versión 2.11.2. Un atacante no autenticado es capaz de acceder a archivos (que deberían haber sido restringidos) a través de la navegación forzada. • https://cert.vde.com/en/advisories/VDE-2021-003 https://cert.vde.com/en/advisories/VDE-2022-039 https://mbconnectline.com/security-advice • CWE-425: Direct Request ('Forced Browsing') •