← back
CVE-2021-37425

CVE-2021-37425

EPSS 66.3%
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/50191unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2021/Aug/12https://www.altova.com/mobiletogetherhttps://www.redteam-pentesting.de/advisories/rt-sa-2021-002https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses