Vulnerability Description
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netmotionsoftware | Netmotion Mobility | < 11.73 |
Related Weaknesses (CWE)
References
- https://ssd-disclosure.com/?p=4676ExploitThird Party Advisory
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserExploitThird Party Advisory
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-Vendor Advisory
- https://ssd-disclosure.com/?p=4676ExploitThird Party Advisory
- https://ssd-disclosure.com/ssd-advisory-netmotion-mobility-server-multiple-deserExploitThird Party Advisory
- https://www.netmotionsoftware.com/security-advisories/security-vulnerability-in-Vendor Advisory
FAQ
What is CVE-2021-26912?
CVE-2021-26912 is a vulnerability with a CVSS score of 8.1 (HIGH). NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
How severe is CVE-2021-26912?
CVE-2021-26912 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26912?
Check the references section above for vendor advisories and patch information. Affected products include: Netmotionsoftware Netmotion Mobility.