CVE-2023-1779

Name of the Vulnerable Software and Affected Versions mbCONNECT24 versions <=2.13.3 mymbCONNECT24 versions <=2.13.3 myREX24 versions <=2.13.3 myREX24.virtual versions <=2.13.3

Description The issue allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information, due to exposure of sensitive information to an unauthorized actor.

Recommendations For versions <=2.13.3, update to a version greater than 2.13.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive contact information until a patch is available. Avoid using the affected software with low-privilege accounts in sensitive environments until the issue is resolved.