Security Vulnerability Advisory
-------------------------------
CVE: CVE-2021-3160
Publication Date: 01.26.2021
Revision: 1.0
Link: https://digital.security/advisories/cert-ds_advisory_CVE-2021-3160.txt


Title
-----
ACA ASSUREX RENTES ASSUWEB 359.3 Java Deserialization - Unauthenticated Remote Code Execution


Overview
--------
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.


Affected Products
-----------------
- ASSUWEB 359.3.0 build 1 component of ACA ASSUREX RENTES product


Details
-------
The ASSUWEB web application component trusts an HTTP parameter used to transmit a serialized Java object from user's browser to web application.

An attacker can inject an unsecured serialized Java object into this trusted parameter by crafting a special HTTP request via the login page ("/AssuWeb/jsp/login.jsf") of the web application. 
Then, the attacker is able to perform an unauthenticated remote code execution on the server hosting the web application.

CVSSv3 Overall Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


Solution
--------
Upgrading to ACA ASSUREX RENTES - ASSUWEB 359.4 build 1


Credits
-------
This vulnerability was discovered by Vincent Rakotomanga from CERT digital.security.


Revision History
----------------
Revision 1: 01.26.2021 / Initial release


Timeline
--------
08.05.2020 - The vulnerability is found during a penetration test. Client and software's editor (ACA) are informed.
01.15.2021 - CVE publication process is engaged. The security advisory is sent to software's editor (ACA).
01.22.2021 - Answer from software's editor (ACA) with additional information
01.26.2021 - Public disclosure of the vulnerability and released advisory


References 
----------
- https://www.aca.fr/produit/assurex-rentes-saas/