PT-2020-12052 · Mb Connect Line · Mbconnect24
Published
2020-04-14
·
Updated
2022-11-21
·
CVE-2020-10382
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
mbCONNECT24 versions through 2.5.0
mymbCONNECT24 versions through 2.5.0
Description
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software. There is an authenticated remote code execution in the backup-scheduler.
Recommendations
For mbCONNECT24 versions through 2.5.0, update to a version later than 2.5.0 to resolve the issue.
For mymbCONNECT24 versions through 2.5.0, update to a version later than 2.5.0 to resolve the issue.
As a temporary workaround, consider disabling the backup-scheduler feature until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mbconnect24