PT-2021-22791 · Mobility · Mobility

Published: 2021-09-16 · Updated: 2021-11-29 · CVE-2021-40067

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mobility versions prior to 12.14

Description

The access controls on the Mobility read-write API improperly validate user access permissions. This API is disabled by default, but if manually enabled, attackers with network access to the API and valid credentials can read and write data to it, regardless of access control group membership settings.

Recommendations

For versions prior to 12.14, update to Mobility version 12.14 to resolve the issue. As a temporary workaround, consider disabling the Mobility read-write API until the update is applied. Restrict access to the API to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-40067

Affected Products

Mobility