Access Validation Flaw in MB connect line mymbCONNECT24 and mbCONNECT24 Software
CVE-2020-12528
6.5 MEDIUM
What is CVE-2020-12528?
A vulnerability has been identified in the MB connect line mymbCONNECT24 and mbCONNECT24 software that affects all versions through V2.6.2. This flaw arises from improper access validation, permitting logged-in users to terminate web2go sessions of accounts they should not have permission to access. Such a weakness can lead to unauthorized session manipulation, potentially compromising account confidentiality and integrity.
Affected Version(s)
mbCONNECT24 2.6.2
mymbCONNECT24 2.6.2
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.