IBM3957595544660752C12C56D6B5606648BC7DEA29BF2FB317B06D2CE546420ACCSecurity Bulletin: IBM MaaS360 has identified a vulnerability in the MaaS360 MDM for Android Application (CVE-2024-35118)
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.4%
Summary
A vulnerability was identified and remediated in the IBM MaaS360 MDM for Android Application (Version 8.60 and Prior)
Vulnerability Details
CVEID:CVE-2024-35118
**DESCRIPTION:**IBM MaaS360 Android agent (v 8.55 and lower) is using hard coded credentials that can be obtained by a user with physical access to the device.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290341 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Maas360 MDM for Android App | 6.31 - 8.60 |
Remediation/Fixes
IBM encourages customers to update their systems promptly.
Update the MaaS360 MDM for Android to version 8.65 or greater.
The app is available in the Google Play store; update it manually on your device.
If the app is a managed app through the MaaS360 App Catalog, then follow the documentation here.
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.4%