First published: Tue Feb 16 2021(Updated: )
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 |
Update to 2.12.1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35568 is a vulnerability discovered in MB connect line mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual versions up to v2.11.2.
CVE-2020-35568 has a severity level of medium (4.3).
An authenticated attacker can exploit CVE-2020-35568 by gaining non-public information about other users and devices in the system.
MB connect line mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual versions up to v2.11.2 are affected by CVE-2020-35568.
You can find more information about CVE-2020-35568 at the following references: [link1], [link2], [link3]