Description
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- Helmholz / myREX240 – 2.13.3
- Helmholz / myREX24.virtual0 – 2.13.3
- MB connect line / mbCONNECT241.0.0 – 2.13.3
- MB connect line / mymbCONNECT241.0.0 – 2.13.3
References
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2023-008/