CVE-2020-35570
Summary
| CVE | CVE-2020-35570 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-16 16:15:00 UTC |
| Updated | 2023-02-16 04:03:00 UTC |
| Description | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. |
Risk And Classification
Problem Types: CWE-425
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Helmholz | Myrex24 | All | All | All | All |
| Application | Helmholz | Myrex24.virtual | All | All | All | All |
| Application | Mbconnectline | Mbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mymbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mymbconnect24 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 <= 2.6.2 — German (Germany) | MISC | cert.vde.com | Third Party Advisory |
| VDE-2021-003 | CERT@VDE | CONFIRM | cert.vde.com | |
| Security Advice - MB connect line GmbH | MISC | mbconnectline.com | Vendor Advisory |
| VDE-2022-039 | CERT@VDE | CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.