CISA has published an advisory on SQL injection, cross-site request forgery, and command injection vulnerabilities in MB connect line mbCONNECT24 and mymbCONNECT 24. For both products, versions 2.6.1 and prior are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to arbitrary information or allow remote code execution. MB connect line recommends users update mymbCONNECT24 and mbCONNECT24 to Version 2.6.2 or higher. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!