VYPR
Critical severity9.8NVD Advisory· Published Jan 28, 2021· Updated Jun 17, 2026

CVE-2021-3160

CVE-2021-3160

Description

Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.

Affected products

3
  • ACA ASSUREX RENTES/ACA ASSUREX RENTESdescription
  • ACA/ASSUWEBllm-create
    Range: 359.3 build 1
  • Range: 359.3 build 1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.