CVE-2021-40067
N/A
N/A
Summary
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | NetMotion Mobility | 12.0 to 12.12 | affected |
Weaknesses
- Incorrect access control in Mobility read-write API
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.