Description
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- MB connect line / mbCONNECT242.6.2 – 2.6.2
- MB connect line / mymbCONNECT242.6.2 – 2.6.2
References
- VENDOR_ADVISORYhttps://cert.vde.com/de-de/advisories/vde-2021-003