First published: Wed Sep 14 2022
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 | |

Update to Version 2.12.1
CVE-2022-22520 is a vulnerability that allows a remote, unauthenticated attacker to enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual.
CVE-2022-22520 has a severity rating of medium with a CVSS score of 5.3.
CVE-2022-22520 affects versions up to and including v2.11.2 of MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and Helmholz myREX24.virtual.
An attacker can exploit CVE-2022-22520 by sending specific requests to the webservice of the affected software to enumerate valid users.
References for CVE-2022-22520: [VDE-2022-011](https://cert.vde.com/en/advisories/VDE-2022-011) and [VDE-2022-039](https://cert.vde.com/en/advisories/VDE-2022-039).