Mobiletogether Server

mobiletogether_server

Vendor: Altova • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-38490 1Altova 1Mobiletogether Server Nov 21, 2024 Aug 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
CVE-2021-37425 1Altova 1Mobiletogether Server Nov 21, 2024 Aug 10, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.