Altova: >> Mobiletogether Server >> 7.3 Security Vulnerabilities
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
CVSS Score
9.1
EPSS Score
0.075
Published
2021-08-10
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-08-10