Vulnerabilities > Mbconnectline

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-33526 Improper Privilege Management vulnerability in Mbconnectline Mbdialup
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
local
low complexity
mbconnectline CWE-269
7.2
2021-08-02 CVE-2021-33527 Improper Input Validation vulnerability in Mbconnectline Mbdialup
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM that won't be validated correctly and allows for an arbitrary code execution with the privileges of the service.
local
low complexity
mbconnectline CWE-20
7.2
2021-08-02 CVE-2021-34574 Incorrect Resource Transfer Between Spheres vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
network
low complexity
mbconnectline CWE-669
4.0
2021-08-02 CVE-2021-34575 Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
network
low complexity
mbconnectline CWE-203
5.0
2021-03-02 CVE-2020-12530 Cross-site Scripting vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2.
4.3
2021-03-02 CVE-2020-12529 Server-Side Request Forgery (SSRF) vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
network
low complexity
mbconnectline CWE-918
5.0
2021-03-02 CVE-2020-12528 Improper Privilege Management vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2.
network
low complexity
mbconnectline CWE-269
4.0
2021-03-02 CVE-2020-12527 Improper Privilege Management vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2.
network
low complexity
mbconnectline CWE-269
4.0
2021-02-16 CVE-2020-35570 Forced Browsing vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2.
network
low complexity
mbconnectline CWE-425
5.0
2021-02-16 CVE-2020-35569 Cross-site Scripting vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2.
4.3