CVE-2023-4834
Summary
| CVE | CVE-2023-4834 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-16 09:15:00 UTC |
| Updated | 2023-10-24 14:52:00 UTC |
| Description | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Helmholz | Myrex24 | All | All | All | All |
| Application | Helmholz | Myrex24.virtual | All | All | All | All |
| Application | Mbconnectline | Mbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mymbconnect24 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2023-043 | CERT@VDE | MISC | cert.vde.com | |
| VDE-2023-041 | CERT@VDE | MISC | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.