Описание
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
Ссылки
- MitigationThird Party Advisory
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.13.3 (включая)Версия до 2.13.3 (включая)
Одно из
cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00023
Низкий
8.8 High
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
EPSS
Процентиль: 5%
0.00023
Низкий
8.8 High
CVSS3
Дефекты
CWE-639