Filtered by vendor Netmotionsoftware Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40067 1 Netmotionsoftware 1 Mobility 2024-08-04 6.8 Medium
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.
CVE-2021-40066 1 Netmotionsoftware 1 Mobility 2024-08-04 5.3 Medium
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.
CVE-2021-26914 1 Netmotionsoftware 1 Netmotion Mobility 2024-08-03 8.1 High
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
CVE-2021-26913 1 Netmotionsoftware 1 Netmotion Mobility 2024-08-03 8.1 High
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
CVE-2021-26915 1 Netmotionsoftware 1 Netmotion Mobility 2024-08-03 8.1 High
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
CVE-2021-26912 1 Netmotionsoftware 1 Netmotion Mobility 2024-08-03 8.1 High
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.