Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality. To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus MSP console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploitingFix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at msp-mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager PlusFix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security relatedFix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed a cross-site scripting (XSS) vulnerability recently detected by Ken Pyle, in it's latest update. This vulnerability allowed a user to view the cookies by running a param on the product login page. The security fix is available in build # 92698 and above. You can download the latest build from here. Follow #mdm-security for all security related updates on Mobile Device Manager Plus MSP.
New to ADSelfService Plus?
Announcements
Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality. To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus MSP console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploitingFix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at msp-mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager PlusFix for Ghostcat Vulnerability (CVE 2020-1938) in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has released a security fix for the recently detected Ghostcat Vulnerability (CVE 2020-1938) which is a file read/inclusion vulnerability detected by Chaitin Tech. This vulnerability can be remotely exploited if the port 8009 is publicly exposed allowing users to read or include files in the webapp directories of Apache Tomcat. The security fix is released in build #92762 and you can download the latest build from here. Follow #security-updates for all security relatedFix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed a cross-site scripting (XSS) vulnerability recently detected by Ken Pyle, in it's latest update. This vulnerability allowed a user to view the cookies by running a param on the product login page. The security fix is available in build # 92698 and above. You can download the latest build from here. Follow #mdm-security for all security related updates on Mobile Device Manager Plus MSP.