CVE-2020-35568

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-16 16:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-35568

Mitre link : CVE-2020-35568

CVE.ORG link : CVE-2020-35568


JSON object : View

Products Affected

helmholz

  • myrex24.virtual
  • myrex24

mbconnectline

  • mbconnect24
  • mymbconnect24
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor