CVE-2021-40066

Summary

The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.

Affected Software

VendorProductVersion RangeStatus
n/aNetMotion Mobility10.70 to 12.12affected

Weaknesses

  • Incorrect access control in Mobility read-only API

ADP Enrichment

CVE Program Container

Additional References

References