Netmotionsoftware
netmotionsoftware
6 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Netmotionsoftware 1Mobility Nov 21, 2024 Sep 16, 2021 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid cre...Show more |
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group...Show more |
1Netmotionsoftware 1Netmotion Mobility Nov 21, 2024 Feb 8, 2021 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. |
1Netmotionsoftware 1Netmotion Mobility Nov 21, 2024 Feb 8, 2021 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. |
1Netmotionsoftware 1Netmotion Mobility Nov 21, 2024 Feb 8, 2021 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. |
1Netmotionsoftware 1Netmotion Mobility Nov 21, 2024 Feb 8, 2021 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. |