Vulnerability in N/a
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
EPSS: 0.663 (99.2th percentile)
Affected products
- N/a — versions n/a
References
- www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-an… (x_refsource_MISC)
- www.redteam-pentesting.de/advisories/rt-sa-2021-002 (x_refsource_MISC)
- www.altova.com/mobiletogether (x_refsource_MISC)
- seclists.org/fulldisclosure/2021/Aug/12 (x_refsource_MISC)