42Gears Suremdm vulnerabilities
6 known vulnerabilities affecting 42gears/suremdm.
Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2018-15657P3HIGHCVSS 7.3PoCfixed in 2018-11-272019-02-05
CVE-2018-15657 [HIGH] CWE-918 CVE-2018-15657: An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.a
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
nvd
CVE-2023-3897P3MEDIUMCVSS 5.3PoC≤ 6.312023-07-25
CVE-2023-3897 [MEDIUM] CWE-203 CVE-2023-3897: Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows
Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.
This issue affects SureMDM On-premise: 6.31 and below version
nvd
CVE-2018-15658P3HIGHCVSS 7.5fixed in 2018-11-272019-02-05
CVE-2018-15658 [HIGH] CWE-200 CVE-2018-15658: An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints
nvd
CVE-2018-15656P3HIGHCVSS 7.5fixed in 2018-11-272019-02-05
CVE-2018-15656 [HIGH] CWE-200 CVE-2018-15656: An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An at
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiK
nvd
CVE-2018-15659P4MEDIUMCVSS 6.5fixed in 6.352019-02-05
CVE-2018-15659 [MEDIUM] CWE-200 CVE-2018-15659: An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silve
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible.
nvd
CVE-2018-15655P4MEDIUMCVSS 6.5fixed in 6.352019-02-05
CVE-2018-15655 [MEDIUM] CWE-200 CVE-2018-15655: An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible.
nvd