Vulnerabilities > CVE-2021-26914 - Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
netmotionsoftware
CWE-502

Summary

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.

Vulnerable Configurations

Part Description Count
Application
Netmotionsoftware
2

Common Weakness Enumeration (CWE)