Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.
References
Link | Resource |
---|---|
https://www.aca.fr/solution/assurex-solution-gestion-des-contrats-assurance/ | Vendor Advisory |
https://www.digital.security/fr/sites/default/files/advisories/cert-ds_advisory_cve-2021-3160.txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-28T19:37:46
Updated: 2021-01-28T19:37:46
Reserved: 2021-01-15T00:00:00
Link: CVE-2021-3160
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-28T20:15:13.227
Modified: 2021-02-04T18:17:58.703
Link: CVE-2021-3160
JSON object: View
Redhat Information
No data.
CWE