CVE-2021-26915

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Средний

Описание

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.

Ссылки

https://ssd-disclosure.com/?p=4676
Exploit
Third Party Advisory
https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
Exploit
Third Party Advisory
https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
Vendor Advisory
https://ssd-disclosure.com/?p=4676
Exploit
Third Party Advisory
https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
Exploit
Third Party Advisory
https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netmotionsoftware:netmotion_mobility:*:*:*:*:*:*:*:*

Версия до 11.73 (исключая)

cpe:2.3:a:netmotionsoftware:netmotion_mobility:*:*:*:*:*:*:*:*

Версия от 12.0 (включая) до 12.02 (исключая)

EPSS

Процентиль: 97%

0.34158

Средний

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-hprp-8mpx-26q9

github

больше 3 лет назад