Vulnerabilities > Netmotionsoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-16 | CVE-2021-40066 | Incorrect Permission Assignment for Critical Resource vulnerability in Netmotionsoftware Mobility The access controls on the Mobility read-only API improperly validate user access permissions. | 3.5 |
| 2021-09-16 | CVE-2021-40067 | Incorrect Permission Assignment for Critical Resource vulnerability in Netmotionsoftware Mobility The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. | 4.9 |
| 2021-02-08 | CVE-2021-26915 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | 9.3 |
| 2021-02-08 | CVE-2021-26914 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | 9.3 |
| 2021-02-08 | CVE-2021-26913 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | 9.3 |
| 2021-02-08 | CVE-2021-26912 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | 9.3 |