CVE-2020-35567
First published: Tue Feb 16 2021(Updated: )
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mbconnectline Mbconnect24 | <=2.6.2 | |
| Mbconnectline Mymbconnect24 | <=2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-35567.
What is the severity of CVE-2020-35567?
CVE-2020-35567 has a severity level of 7.8 out of 10, which is considered high.
What software is affected by CVE-2020-35567?
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 versions up to 2.6.2 are affected by CVE-2020-35567.
What is the impact of CVE-2020-35567?
CVE-2020-35567 allows an attacker to access the database using a shared password.
How can I fix CVE-2020-35567?
To fix CVE-2020-35567, update MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 to version 2.6.2 or later and make sure to use unique passwords for database access.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mbconnectline
- canonical/mbconnectline mbconnect24
- version/mbconnectline mbconnect24/2.6.2
- canonical/mbconnectline mymbconnect24
- version/mbconnectline mymbconnect24/2.6.2