CVE-2021-34575 - Vulnerability Details - OpenCVE

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00274.

Key SSVC decision points have not yet been added.

Vendors	Products
Mbconnectline	Mbconnect24 Mymbconnect24

Configuration 1 [-]

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-21225	In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.

Fixes

Solution

Update to version 2.9.0

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert.vde.com/de-de/advisories/vde-2021-030

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-08-02T10:24:32.820190Z

Updated: 2024-09-16T22:46:43.672Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34575

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-02T11:15:11.417

Modified: 2024-11-21T06:10:44.050

Link: CVE-2021-34575

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "mymbCONNECT24", "vendor": "MB connect line", "versions": [{"lessThanOrEqual": "2.8.0", "status": "affected", "version": "2.8.0", "versionType": "custom"}]}, {"product": "mbCONNECT24", "vendor": "MB connect line", "versions": [{"lessThanOrEqual": "2.8.0", "status": "affected", "version": "2.8.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."}], "datePublic": "2021-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Information Exposure Through Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T10:24:32", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"}], "solutions": [{"lang": "en", "value": "Update to version 2.9.0"}], "source": {"advisory": "VDE-2021-030", "discovery": "EXTERNAL"}, "title": "Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-07-23T12:50:00.000Z", "ID": "CVE-2021-34575", "STATE": "PUBLIC", "TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mymbCONNECT24", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.8.0", "version_value": "2.8.0"}]}}, {"product_name": "mbCONNECT24", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.8.0", "version_value": "2.8.0"}]}}]}, "vendor_name": "MB connect line"}]}}, "credit": [{"lang": "eng", "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-203 Information Exposure Through Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/de-de/advisories/vde-2021-030", "refsource": "CONFIRM", "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"}]}, "solution": [{"lang": "en", "value": "Update to version 2.9.0"}], "source": {"advisory": "VDE-2021-030", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:46.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34575", "datePublished": "2021-08-02T10:24:32.820190Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T22:46:43.672Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDED8162-6FEE-4FDD-BFFC-93DDCE1CA011", "versionEndIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "29848C2B-8AE1-4D89-B9C6-A586C591D40A", "versionEndIncluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."}, {"lang": "es", "value": "En MB connect line mymbCONNECT24, mbCONNECT24 versiones anteriores a 2.8.0 incluy\u00e9ndolas, un usuario no autenticado puede enumerar usuarios v\u00e1lidos al comprobar qu\u00e9 tipo de respuesta env\u00eda el servidor"}], "id": "CVE-2021-34575", "lastModified": "2024-11-21T06:10:44.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-02T11:15:11.417", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "info@cert.vde.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}