Vulnerabilities > CVE-2021-34575 - Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mbconnectline

CWE-203

NVD

Published: 2021-08-02

Updated: 2021-08-10

Summary

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.

Vulnerable Configurations

Part	Description	Count
Application	Mbconnectline Mbconnectline Mbconnect24 - Mbconnectline Mbconnect24 2.5.0 Mbconnectline Mbconnect24 2.6.1 Mbconnectline Mbconnect24 2.6.2 Mbconnectline Mymbconnect24 - Mbconnectline Mymbconnect24 2.5.0 Mbconnectline Mymbconnect24 2.6.1 Mbconnectline Mymbconnect24 2.6.2	8

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://cert.vde.com/de-de/advisories/vde-2021-030