Vulnerability Details CVE-2021-34580
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-34580
-
cpe:2.3:a:mbconnectline:mbconnect24:-
-
cpe:2.3:a:mbconnectline:mbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.8.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:-
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.8.0