VYPR
Vendor

NetMotion Software

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2021-26914HigFeb 8, 2021
    risk 0.62cvss 8.1epss 0.78

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.

  • CVE-2021-26915HigFeb 8, 2021
    risk 0.56cvss 8.1epss 0.42

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.

  • CVE-2021-26912HigFeb 8, 2021
    risk 0.56cvss 8.1epss 0.41

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.

  • CVE-2021-26913HigFeb 8, 2021
    risk 0.54cvss 8.1epss 0.13

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.

  • CVE-2021-40067MedSep 16, 2021
    risk 0.44cvss 6.8epss 0.01

    The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of…

  • CVE-2021-40066MedSep 16, 2021
    risk 0.34cvss 5.3epss 0.01

    The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in…