exploitDog

GHSA-4jrw-3q8x-9gpf

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Inproper use of access validation allows a logged in user to see devices in the account he should not have access to.

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.2. Inproper use of access validation allows a logged in user to see devices in the account he should not have access to.

Ссылки

EPSS

Процентиль: 49%

0.00257

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-269

Связанные уязвимости

CVE-2020-35557

CVSS3: 6.5

nvd

почти 5 лет назад

An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.

EPSS

Процентиль: 49%

0.00257

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

CWE-269