Critical severity9.8NVD Advisory· Published Jan 28, 2021· Updated Jun 17, 2026
CVE-2021-3160
CVE-2021-3160
Description
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.
Affected products
3- ACA ASSUREX RENTES/ACA ASSUREX RENTESdescription
- Range: 359.3 build 1
Patches
Vulnerability mechanics
References
2- www.aca.fr/solution/assurex-solution-gestion-des-contrats-assurance/nvdVendor Advisory
- www.digital.security/fr/sites/default/files/advisories/cert-ds_advisory_cve-2021-3160.txtnvdThird Party Advisory
News mentions
0No linked articles in our index yet.