PT-2021-22790 · Mobility · Mobility

Published

2021-09-16

Updated

2021-11-29

CVE-2021-40066

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mobility versions prior to 11.76 Mobility versions prior to 12.14

Description The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it, regardless of access control group membership settings.

Recommendations For Mobility versions prior to 11.76, update to version 11.76 or later to resolve the issue. For Mobility versions prior to 12.14, update to version 12.14 or later to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2021-40066

Affected Products

Mobility

PT-2021-22790 · Mobility · Mobility

CVE-2021-40066

Weakness Enumeration

Related Identifiers

Affected Products

References · 4