Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability. This vulnerability could otherwise have allowed a malicious user to upload any file without proper validation in the Windows app dependency file upload functionality.
To exploit this vulnerability, the user must authenticate themselves by logging in to the Mobile Device Manager Plus console; they also need permissions to add apps to the App Repository. These two prerequisites reduce the chance of someone exploiting this vulnerability.
The security fix is available in build #92789 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at mdm-support@manageengine.com.
Follow #mdm-security for all security related updates in Mobile Device Manager Plus