CVE-2021-34575: Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
First published: Mon Aug 02 2021(Updated: )
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mbconnectline Mbconnect24 | <=2.8.0 | |
| Mbconnectline Mymbconnect24 | <=2.8.0 |
Remedy
Update to version 2.9.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-34575.
What is the severity of CVE-2021-34575?
The severity of CVE-2021-34575 is high.
Which software versions are affected by CVE-2021-34575?
MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 are affected by CVE-2021-34575.
What can an unauthenticated user do with CVE-2021-34575?
An unauthenticated user can enumerate valid users by checking the server response.
Is there a fix available for CVE-2021-34575?
The fix for CVE-2021-34575 is currently not available. Please refer to the vendor for updates and patches.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/mbconnectline
- canonical/mbconnectline mbconnect24
- version/mbconnectline mbconnect24/2.8.0
- canonical/mbconnectline mymbconnect24
- version/mbconnectline mymbconnect24/2.8.0