) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:42gears:suremdm:6.35
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-15658 |
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. Published: February 04, 2019; 10:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-15657 |
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. Published: February 04, 2019; 10:29:00 PM -0500 |
V3.0: 7.3 HIGH V2.0: 1.9 LOW |
| CVE-2018-15656 |
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header. Published: February 04, 2019; 10:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |