A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2022-09-14T14:05:30.024889Z
Updated: 2024-09-17T04:14:21.926Z
Reserved: 2022-01-03T00:00:00
Link: CVE-2022-22520
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-14T14:15:12.427
Modified: 2024-11-21T06:46:56.837
Link: CVE-2022-22520
Redhat
No data.