vulnerability
NetMotion Mobility: Unauthenticated Java Deserialization (CVE-2021-26914)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Feb 8, 2021 | May 24, 2021 | Jan 12, 2023 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Feb 8, 2021
Added
May 24, 2021
Modified
Jan 12, 2023
Description
NetMotion Mobility before 11.73 and 12.x before 12.02 allows
unauthenticated remote attackers to execute arbitrary code as SYSTEM
because of Java deserialization in MvcUtil valueStringToObject.
Solution
http-netmotion-mobility-cve-2021-26914
References
- CVE-2021-26914
- https://attackerkb.com/topics/CVE-2021-26914
- URL-https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserialization-of-untrusted-data-lead-to-rce/
- URL-https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-mobility-web-server-november-19-2020
- URL-https://srcincite.io/advisories/src-2021-0007/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.