SureMDM
by 42gears
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15657 | | Hig | 0.51 | 7.3 | 0.02 | | Feb 5, 2019 | An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. |
| CVE-2018-15658 | | Hig | 0.49 | 7.5 | 0.02 | | Feb 5, 2019 | An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the… |
| CVE-2018-15656 | | Hig | 0.49 | 7.5 | 0.02 | | Feb 5, 2019 | An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system… |
| CVE-2018-15659 | | Med | 0.42 | 6.5 | 0.01 | | Feb 5, 2019 | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. |
| CVE-2018-15655 | | Med | 0.42 | 6.5 | 0.01 | | Feb 5, 2019 | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. |