VYPR

MobileTogether Server

by Altova

CVEs (2)

  • CVE-2021-37425Aug 10, 2021
    risk 0.04cvss epss 0.66

    Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.

  • CVE-2021-38490Aug 10, 2021
    risk 0.00cvss epss 0.01

    Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.