CVE-2021-34580

HIGH

Mbconnectline Mbconnect24 < 2.9.0 - Information Disclosure

Title source: rule
STIX 2.1

Description

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 53.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-204 CWE-203
Status published
Products (2)
mbconnectline/mbconnect24 < 2.9.0
mbconnectline/mymbconnect24 < 2.9.0
Published Oct 27, 2021
Tracked Since Feb 18, 2026