PT-2020-12053 · Mb · Mbconnect24
Published
2020-04-14
·
Updated
2022-11-21
·
CVE-2020-10383
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
mbCONNECT24 versions prior to 2.5.0
mymbCONNECT24 versions prior to 2.5.0
Description
An issue was discovered in the mbCONNECT24 and mymbCONNECT24 software, allowing for unauthenticated remote code execution in the com mb24sysapi module.
Recommendations
For mbCONNECT24 versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
For mymbCONNECT24 versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.
As a temporary workaround, consider disabling the com mb24sysapi module until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mbconnect24