Vulnerabilities (CVE)

Filtered by vendor Altova Subscribe
Filtered by product Mobiletogether Server
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38490 1 Altova 1 Mobiletogether Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.
CVE-2021-37425 1 Altova 1 Mobiletogether Server 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.