9.8
CVE-2020-35565
- EPSS 0.31%
- Published 16.02.2021 16:15:13
- Last modified 21.11.2024 05:27:35
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
Data is provided by the National Vulnerability Database (NVD)
Mbconnectline ≫ Mbconnect24 Version <= 2.6.2
Mbconnectline ≫ Mymbconnect24 Version <= 2.6.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.533 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.