XXE Vulnerability in Altova MobileTogether Server before 7.3 SP1 Allows Information Disclosure and Certificate Compromise

CVE-2021-37425 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
