Vulnerability Details CVE-2021-26912
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.354
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- https://ssd-disclosure.com/?p=4676
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
- https://ssd-disclosure.com/?p=4676
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
Products affected by CVE-2021-26912
-
cpe:2.3:a:netmotionsoftware:netmotion_mobility:*
-
cpe:2.3:a:netmotionsoftware:netmotion_mobility:12.0