Vulnerabilities > CVE-2021-34574 - Incorrect Resource Transfer Between Spheres vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

mbconnectline

helmholz

CWE-669

NVD

Published: 2021-08-02

Updated: 2023-02-03

Summary

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

Vulnerable Configurations

Part	Description	Count
Application	Mbconnectline Mbconnectline Mbconnect24 - Mbconnectline Mbconnect24 2.5.0 Mbconnectline Mbconnect24 2.6.1 Mbconnectline Mbconnect24 2.6.2 Mbconnectline Mbconnect24 2.8.0 Mbconnectline Mbconnect24 2.11.2 Mbconnectline Mymbconnect24 - Mbconnectline Mymbconnect24 2.5.0 Mbconnectline Mymbconnect24 2.6.1 Mbconnectline Mymbconnect24 2.6.2 Mbconnectline Mymbconnect24 2.8.0 Mbconnectline Mymbconnect24 2.11.2	12
Application	Helmholz Helmholz Myrex24.Virtual 2.11.2 Helmholz Myrex24 2.11.2	2

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References