Security Vulnerability Advisory
-------------------------------

CVE: CVE-2021-3160
Publication Date: 01.26.2021
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2021-3160.txt

Title
-----

ACA ASSUREX RENTES ASSUWEB 359.3 Java Deserialization - Unauthenticated Remote Code Execution

Overview
--------

Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server.

Affected Products
-----------------

- ASSUWEB 359.3.0 build 1 component of the ACA ASSUREX RENTES product

Details
-------

The ASSUWEB web application component trusts an HTTP parameter used to transmit a serialized Java object from the user's browser to the web application. An attacker can inject an insecure serialized Java object into this trusted parameter by crafting a special HTTP request via the login page ("/AssuWeb/jsp/login.jsf") of the web application. The attacker is then able to perform unauthenticated remote code execution on the server hosting the web application.

CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Solution
--------

Upgrade to ACA ASSUREX RENTES - ASSUWEB 359.4 build 1.

Credits
-------

This vulnerability was discovered by Vincent Rakotomanga from CERT digital.security.

Revision History
----------------

Revision 1: 01.26.2021 / Initial release

Timeline
--------

08.05.2020 - The vulnerability is found during a penetration test. The client and the software's editor (ACA) are informed.
01.15.2021 - The CVE publication process is engaged. The security advisory is sent to the software's editor (ACA).
01.22.2021 - Answer from the software's editor (ACA) with additional information.
01.26.2021 - Public disclosure of the vulnerability and release of the advisory.

References
----------

- https://www.aca.fr/produit/assurex-rentes-saas/
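The flaw described in Details is a serialized Java object travelling inside a login-page HTTP parameter. As an added example (not part of the advisory or of CERT digital.security's work), the following detection logic flags request parameters whose value begins with the Java serialization stream header (0xACED0005), whether raw, base64- or hex-encoded; the parameter names and the sample requests are constructed, as the advisory does not name the affected parameter.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs

# Java serialization stream header: STREAM_MAGIC (0xACED) followed by STREAM_VERSION (0x0005).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"


def _decoded_views(value: str):
    """Yield the byte views a parameter value may hide a stream in: raw, base64, hex."""
    yield value.encode("latin-1", errors="ignore")
    compact = re.sub(r"\s+", "", value)
    if re.fullmatch(r"[A-Za-z0-9+/=_-]{8,}", compact):
        std = compact.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet too
        try:
            yield base64.b64decode(std + "=" * (-len(std) % 4))
        except (binascii.Error, ValueError):
            pass
    if re.fullmatch(r"(?:[0-9a-fA-F]{2}){4,}", compact):
        yield bytes.fromhex(compact)


def find_serialized_params(query: str) -> list[str]:
    """Return the names of parameters whose value begins with a Java serialization header."""
    # latin-1 keeps percent-decoded bytes one-to-one, so the raw view is byte-exact.
    params = parse_qs(query, keep_blank_values=True, encoding="latin-1")
    return [name for name, values in params.items()
            if any(v.startswith(JAVA_SERIAL_MAGIC)
                   for value in values for v in _decoded_views(value))]


# Constructed sample traffic (not from the advisory): (method, path, body-or-query string).
SAMPLE_REQUESTS = [
    ("POST", "/AssuWeb/jsp/login.jsf", "username=alice&password=s3cret"),
    ("POST", "/AssuWeb/jsp/login.jsf", "username=alice&sessionState=rO0ABXNy"),
    ("GET", "/AssuWeb/jsp/login.jsf", "token=aced0005deadbeef"),
]


def scan_requests(requests) -> list[tuple[str, str]]:
    """Return (path, parameter) pairs whose parameter carries a serialized Java object."""
    return [(path, name) for _, path, data in requests for name in find_serialized_params(data)]


if __name__ == "__main__":
    for path, name in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT: serialized Java object in parameter {name!r} sent to {path}")
```

Any hit on a parameter that the application never legitimately fills with a serialized object is worth an alert; a legitimate serialized parameter should instead be reviewed against the deserialization allow-list of the receiving code.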