CVE-2021-3160

Name of the Vulnerable Software and Affected Versions ASSUWEB version 359.3 build 1

Description The issue concerns the deserialization of untrusted data in the login page, allowing a remote attacker to inject unsecure serialized Java objects using a specially crafted HTTP request. This results in an unauthenticated remote code execution on the server.

Recommendations For ASSUWEB version 359.3 build 1, consider disabling the login page functionality until a patch is available to prevent remote code execution. Restrict access to the login page to minimize the risk of exploitation. Avoid using the login page with untrusted data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.