Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by netmotionsoftware
CVE-2021-40067 (GCVE-0-2021-40067)
Vulnerability from cvelistv5 – Published: 2021-09-16 11:25 – Updated: 2024-08-04 02:27
VLAI
Summary
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.
Severity
No CVSS data available.
CWE
- Incorrect access control in Mobility read-write API
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetMotion Mobility |
Affected:
12.0 to 12.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetMotion Mobility",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.0 to 12.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect access control in Mobility read-write API",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T11:25:21.000Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "NetMotion"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "SecurityResponse@netmotionsoftware.com",
"ID": "CVE-2021-40067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetMotion Mobility",
"version": {
"version_data": [
{
"version_value": "12.0 to 12.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect access control in Mobility read-write API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40067",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "NetMotion",
"cveId": "CVE-2021-40067",
"datePublished": "2021-09-16T11:25:21.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40066 (GCVE-0-2021-40066)
Vulnerability from cvelistv5 – Published: 2021-09-16 11:18 – Updated: 2024-08-04 02:27
VLAI
Summary
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.
Severity
No CVSS data available.
CWE
- Incorrect access control in Mobility read-only API
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetMotion Mobility |
Affected:
10.70 to 12.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetMotion Mobility",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.70 to 12.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect access control in Mobility read-only API",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T11:18:27.000Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "NetMotion"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "SecurityResponse@netmotionsoftware.com",
"ID": "CVE-2021-40066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetMotion Mobility",
"version": {
"version_data": [
{
"version_value": "10.70 to 12.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect access control in Mobility read-only API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40066",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/cve-2021-40066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "NetMotion",
"cveId": "CVE-2021-40066",
"datePublished": "2021-09-16T11:18:27.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26915 (GCVE-0-2021-26915)
Vulnerability from cvelistv5 – Published: 2021-02-08 21:04 – Updated: 2024-08-03 20:33
VLAI
Summary
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ssd-disclosure.com/?p=4676 | x_refsource_MISC |
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
| https://ssd-disclosure.com/ssd-advisory-netmotion… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T21:04:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ssd-disclosure.com/?p=4676",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"name": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"name": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26915",
"datePublished": "2021-02-08T21:04:27.000Z",
"dateReserved": "2021-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26914 (GCVE-0-2021-26914)
Vulnerability from cvelistv5 – Published: 2021-02-08 21:04 – Updated: 2024-08-03 20:33
VLAI
Summary
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://ssd-disclosure.com/?p=4676 | x_refsource_MISC |
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
| https://ssd-disclosure.com/ssd-advisory-netmotion… | x_refsource_MISC |
| http://packetstormsecurity.com/files/162617/NetMo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-Java-Deserialization.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-18T17:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-Java-Deserialization.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ssd-disclosure.com/?p=4676",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"name": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"name": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
},
{
"name": "http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-Java-Deserialization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162617/NetMotion-Mobility-Server-MvcUtil-Java-Deserialization.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26914",
"datePublished": "2021-02-08T21:04:19.000Z",
"dateReserved": "2021-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26913 (GCVE-0-2021-26913)
Vulnerability from cvelistv5 – Published: 2021-02-08 21:04 – Updated: 2024-08-03 20:33
VLAI
Summary
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ssd-disclosure.com/?p=4676 | x_refsource_MISC |
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
| https://ssd-disclosure.com/ssd-advisory-netmotion… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T21:04:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ssd-disclosure.com/?p=4676",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"name": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"name": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26913",
"datePublished": "2021-02-08T21:04:10.000Z",
"dateReserved": "2021-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26912 (GCVE-0-2021-26912)
Vulnerability from cvelistv5 – Published: 2021-02-08 21:04 – Updated: 2024-08-03 20:33
VLAI
Summary
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ssd-disclosure.com/?p=4676 | x_refsource_MISC |
| https://www.netmotionsoftware.com/security-adviso… | x_refsource_MISC |
| https://ssd-disclosure.com/ssd-advisory-netmotion… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-08T21:04:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-26912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ssd-disclosure.com/?p=4676",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/?p=4676"
},
{
"name": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020",
"refsource": "MISC",
"url": "https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020"
},
{
"name": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/",
"refsource": "MISC",
"url": "https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-26912",
"datePublished": "2021-02-08T21:04:02.000Z",
"dateReserved": "2021-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}