CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-3160

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.143

EPSS Ranking 94.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.aca.fr/solution/assurex-solution-gestion-des-contrats-assurance/
https://www.digital.security/fr/sites/default/files/advisories/cert-ds_advisory_cve-2021-3160.txt
https://www.aca.fr/solution/assurex-solution-gestion-des-contrats-assurance/
https://www.digital.security/fr/sites/default/files/advisories/cert-ds_advisory_cve-2021-3160.txt

Products affected by CVE-2021-3160

Aca » Assuweb » Version: 359.3

cpe:2.3:a:aca:assuweb:359.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-3160

Products

Pricing

Contact Us