vulnerability for PAM360
does this vulnerability have fix. - X.509 Certificate Subject CN Does Not Match the Entity Name - Untrusted TLS/SSL server X.509 certificate - Missing HttpOnly Flag From Cookie - Missing Secure Flag From SSL Cookie - TLS/SSL Weak Message Authentication
Spring4Shell RCE vulnerability [CVE-2022-22965] - All you need to know
About the vulnerability: Tracked by CVE-2022-22965, the Spring4Shell is a zero-day vulnerability arising in the Spring Core Framework. CVE ID Description Impact CVE-2022-22965 Remote Code Execution Zero-day * The CVE-2022-22965 has been published.
CVE-2021-44228 - Log4Shell
Is the Edge Mobile device manager vulnerable to the new CVE-2021-44228 log4shell vulnerability? If so what is the solution for fixing it.
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality. To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploiting this
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Fix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus
Mobile Device Manager Plus has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security related
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed a cross-site scripting (XSS) vulnerability recently detected by Ken Pyle, in it's latest update. This vulnerability allowed a user to view the cookies by running a param on the product login page. The security fix is available in build # 92698 and above. You can download the latest build from here. Follow #mdm-security for all security related updates in Mobile Device Manager Plus.