Vulnerabilities > CVE-2020-12529 - Server-Side Request Forgery (SSRF) vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mbconnectline

CWE-918

NVD

Published: 2021-03-02

Updated: 2021-03-09

Summary

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.

Vulnerable Configurations

Part	Description	Count
Application	Mbconnectline Mbconnectline Mbconnect24 - Mbconnectline Mbconnect24 2.5.0 Mbconnectline Mbconnect24 2.6.1 Mbconnectline Mbconnect24 2.6.2 Mbconnectline Mymbconnect24 - Mbconnectline Mymbconnect24 2.5.0 Mbconnectline Mymbconnect24 2.6.1 Mbconnectline Mymbconnect24 2.6.2	8

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://cert.vde.com/de-de/advisories/vde-2021-003