ID CVE-2018-15657
Summary An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:42gears:suremdm:6.34:*:*:*:*:*:*:*
    cpe:2.3:a:42gears:suremdm:6.34:*:*:*:*:*:*:*
  • cpe:2.3:a:42gears:suremdm:6.35:*:*:*:*:*:*:*
    cpe:2.3:a:42gears:suremdm:6.35:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 21-02-2019 - 20:56)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:N/A:N
d2sec via4
name SureMDM File Disclosure
url http://www.d2sec.com/exploits/suremdm_file_disclosure.html
refmap via4
exploit-db 46305
misc https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/
Last major update 21-02-2019 - 20:56
Published 05-02-2019 - 03:29
Last modified 21-02-2019 - 20:56
Back to Top