Altova MobileTogether Server prior to 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
Vulnerable Product |
---|
altova mobiletogether server |
altova mobiletogether server 7.3 |