CVE-2022-22520

EPSS 0.3%
Published 14.09.2022 14:15:12
Last modified 21.11.2024 06:46:56
Source info@cert.vde.com
Teams watchlist Login
Open Login

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mbconnectline ≫ Mbconnect24 Version <= 2.11.2

Mbconnectline ≫ Mymbconnect24 Version <= 2.11.2

Helmholz ≫ Myrex24 Version <= 2.11.2

Helmholz ≫ Myrex24.Virtual Version <= 2.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.529

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
info@cert.vde.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://cert.vde.com/en/advisories/VDE-2022-039

Not Applicable

https://cert.vde.com/en/advisories/VDE-2022-011

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-22520

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22520

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22520

EUVD