Vulnerability Details CVE-2021-26915
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.342
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- https://ssd-disclosure.com/?p=4676
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
- https://ssd-disclosure.com/?p=4676
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
Products affected by CVE-2021-26915
-
cpe:2.3:a:netmotionsoftware:netmotion_mobility:*
-
cpe:2.3:a:netmotionsoftware:netmotion_mobility:12.0