Vulnerability Details CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://seclists.org/fulldisclosure/2021/Aug/12
- https://www.altova.com/mobiletogether
- https://www.redteam-pentesting.de/advisories/rt-sa-2021-002
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
- http://seclists.org/fulldisclosure/2021/Aug/12
- https://www.altova.com/mobiletogether
- https://www.redteam-pentesting.de/advisories/rt-sa-2021-002
- https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
Products affected by CVE-2021-37425
-
cpe:2.3:a:altova:mobiletogether_server:7.0
-
cpe:2.3:a:altova:mobiletogether_server:7.3