RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s certificate and private key. Versions 7.0 through 7.3 are affected.

You May Also Like

BlackMatter ransomware group claims to be Darkside and REvil succesor

BlackMatter ransomware gang, a new threat actor appears in the threat landscape…