CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40066

The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 3.5

References

https://www.netmotionsoftware.com/security-advisories/cve-2021-40066
https://www.netmotionsoftware.com/security-advisories/cve-2021-40066

Products affected by CVE-2021-40066

Netmotionsoftware » Mobility » Version: Any

cpe:2.3:a:netmotionsoftware:mobility:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40066

Products

Pricing

Contact Us