mConnect
by MV
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23283 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force. | ||
| CVE-2020-23282 | Hig | 0.49 | 7.5 | 0.01 | Jul 21, 2021 | SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information. |
- risk 0.49cvss 7.5epss 0.01
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.
- risk 0.49cvss 7.5epss 0.01
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.