A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-011 | Third Party Advisory VDB Entry |
https://cert.vde.com/en/advisories/VDE-2022-039 | Not Applicable |
Configurations
History
No history.
Information
Published : 2022-09-14 14:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-22520
Mitre link : CVE-2022-22520
CVE.ORG link : CVE-2022-22520
JSON object : View
Products Affected
mbconnectline
- mbconnect24
- mymbconnect24
helmholz
- myrex24
- myrex24.virtual
CWE
CWE-204
Observable Response Discrepancy