Hussein Alsharafi

**Name of the Vulnerable Software and Affected Versions** MB Connect Lines mbCONNECT24 versions <= 2.13.3 mymbCONNECT24 versions <= 2.13.3 Helmholz' myREX24 versions <= 2.13.3 Helmholz' myREX24.virtual versions <= 2.13.3 **Description** An Authorization Bypass issue allows an authenticated remote user with low privileges to change the password of any user in the same account, potentially leading to a full account compromise by taking over the admin user. **Recommendations** For MB Connect Lines mbCONNECT24 versions <= 2.13.3, update to a version higher than 2.13.3 to resolve the issue. For mymbCONNECT24 versions <= 2.13.3, update to a version higher than 2.13.3 to resolve the issue. For Helmholz' myREX24 versions <= 2.13.3, update to a version higher than 2.13.3 to resolve the issue. For Helmholz' myREX24.virtual versions <= 2.13.3, update to a version higher than 2.13.3 to resolve the issue.