CVE-2020-12528

Summary

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.

Affected Software

VendorProductVersion RangeStatus
MB connect linemymbCONNECT242.6.2 <= 2.6.2affected
MB connect linembCONNECT242.6.2 <= 2.6.2affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

References