Altova Mobiletogether Server vulnerabilities
2 known vulnerabilities affecting altova/mobiletogether_server.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-37425P2CRITICALCVSS 9.1PoC≥ 7.0, < 7.3v7.32021-08-10
CVE-2021-37425 [CRITICAL] CWE-611 CVE-2021-37425: Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes at
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
nvd
CVE-2021-38490P3HIGHCVSS 7.5≥ 7.0, < 7.3v7.32021-08-10
CVE-2021-38490 [HIGH] CVE-2021-38490: Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vul
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
nvd