CVE-2022-22520

Summary

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

Affected Software

VendorProductVersion RangeStatus
MB connect linemymbCONNECT242 <= 2.11.2affected
MB connect linembCONNECT242 <= 2.11.2affected
HelmholzmyREX242 <= 2.11.2affected
HelmholzmyREX24.virtual2 <= 2.11.2affected

Weaknesses

  • CWE-204: CWE-204 Response Discrepancy Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References