Altova MobileTogether Server up to 7.3 /workflowmanagement xml external entity reference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Altova MobileTogether Server up to 7.3 and classified as critical. This affects an unknown part of the file /workflowmanagement. This manipulation causes xml external entity reference. The identification of this vulnerability is CVE-2021-37425. Furthermore, there is an exploit available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Altova MobileTogether Server up to 7.3 and classified as critical. Affected by this vulnerability is an unknown part of the file /workflowmanagement. The manipulation with an unknown input leads to a xml external entity reference vulnerability. The CWE definition for the vulnerability is CWE-611. The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was shared 08/11/2021. The advisory is shared at redteam-pentesting.de. This vulnerability is known as CVE-2021-37425. Technical details and also a public exploit are known.
It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept.
Applying the patch 7.3 SP1 is able to eliminate this problem.
The vulnerability is also documented in the vulnerability database at Exploit-DB (50191). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Xml external entity referenceCWE: CWE-611 / CWE-610
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: 7.3 SP1
Timeline
07/23/2021 🔍08/11/2021 🔍
08/11/2021 🔍
10/28/2024 🔍
Sources
Advisory: redteam-pentesting.deStatus: Confirmed
CVE: CVE-2021-37425 (🔍)
GCVE (CVE): GCVE-0-2021-37425
GCVE (VulDB): GCVE-100-180589
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 08/11/2021 14:28Updated: 10/28/2024 23:28
Changes: 08/11/2021 14:28 (38), 08/16/2021 09:56 (2), 10/28/2024 23:28 (23)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.