HIGH🇵🇱 Wersja polska

CVE-2018-15658

CVSS 7.5v3.0pub. 2019-02-05upd. 2024-11-21

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • 42gears Suremdm

    APP
    42Gears
    < 2018-11-27
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-15656HIGH7.5ten sam produkt

An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can...

CVE-2018-15657HIGH7.3ten sam produkt

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" ...

CVE-2023-3897MEDIUM4.8ten sam produkt

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deploymen...

CVE-2018-15655MEDIUM6.5ten sam produkt

An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is...

CVE-2018-15659MEDIUM6.5ten sam produkt

An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight app...