NVD Vulnerability Detail

CVE-2021-34574

Summary	In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
Publication Date	Aug. 2, 2021, 8:15 p.m.
Registration Date	Aug. 3, 2021, 10 a.m.
Last Update	Nov. 21, 2024, 3:10 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mbconnectline:mbconnect24::::::::		2.11.2
cpe:2.3:a:mbconnectline:mymbconnect24::::::::		2.11.2

Related information, measures and tools

No	URL	タグ
1	https://cert.vde.com/en/advisories/VDE-2021-030	Third Party Advisory
2	https://cert.vde.com/en/advisories/VDE-2021-030	Third Party Advisory
3	https://cert.vde.com/en/advisories/VDE-2022-039	Third Party Advisory
4	https://cert.vde.com/en/advisories/VDE-2022-039	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

MB connect line mymbCONNECT24 および mbCONNECT24 における領域間での誤ったリソース移動に関する脆弱性

Title	MB connect line mymbCONNECT24 および mbCONNECT24 における領域間での誤ったリソース移動に関する脆弱性
Summary	MB connect line mymbCONNECT24 および mbCONNECT24 には、領域間での誤ったリソース移動に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 22, 2021, midnight
Registration Date	Sept. 8, 2022, 3:04 p.m.
Last Update	Sept. 8, 2022, 3:04 p.m.

Affected System

MB CONNECT LINE

mbCONNECT24 2.8.0 およびそれ以前

mymbCONNECT24 2.8.0 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-34574	https://www.cve.org/CVERecord?id=CVE-2021-34574
National Vulnerability Database (NVD)
2	CVE-2021-34574	https://nvd.nist.gov/vuln/detail/CVE-2021-34574

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-669	https://cwe.mitre.org/data/definitions/669.html

ベンダー情報

No	Name	URL
MB CONNECT LINE
1	Top Page	https://mbconnectline.com/

その他

No	Name	URL
関連文書
1	VDE-2021-030 (MB connect line: two vulnerabilities in mymbCONNECT24, mbCONNECT24 <= 2.8.0)	https://cert.vde.com/de-de/advisories/vde-2021-030

Change Log

No	Changed Details	Date of change
1	[2022年09月08日] 掲載	Sept. 8, 2022, 3:04 p.m.