Vulners
Lucene search
Kony EMM 1.2 Insecure Direct Object Reference
🗓️ 23 Feb 2015 00:00:00Reported by Michael HendrickxType 
packetstorm🔗 packetstormsecurity.com👁 60 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Multiple Information Disclosure Vulnerabilities in Kony Enterprise Mobile Management | 26 Feb 201500:00 | – | cnvd |
 | CVE-2014-8487 | 24 Feb 201515:00 | – | cve |
 | CVE-2014-8487 | 24 Feb 201515:00 | – | cvelist |
 | EUVD-2014-8324 | 7 Oct 202500:30 | – | euvd |
 | CVE-2014-8487 | 24 Feb 201515:59 | – | nvd |
 | Code injection | 24 Feb 201515:59 | – | prion |
 | CVE-2014-8487: Kony EMM insecurity Direct Object Reference | 23 Mar 201500:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 23 Mar 201500:00 | – | securityvulns |
`------------------------------------------------------------------------
Product: Enterprise Mobile Management
Vendor: Kony
Vulnerable Version(s): Kony EMM 1.2 and probably older versions
Tested Version: Drupal Kony EMM 1.2
Advisory Publication: 24 December 2014
Vendor Notification: 8 December 2014
Vulnerability Type: Insecure Direct Object References
CVE Reference: CVE-2014-8487
Risk Level: Low Solution
Status: Solution not yet released
Discovered and Provided: Michael Hendrickx, Help AG
------------------------------------------------------------------------
About the vendor:
Kony EMM is a mobile management suite that allows organizations to manage employee's personal devices. It enables users to use their own device, or as often called BYOD or "bring your own device".
About the vulnerability:
During a pentest we discovered that a logged in user can access arbitrary information such as messages and phone information about every phone that's enrolled ot the solution. Often the user's colleagues:
1.) Arbitrary Message retrieval
By using the following URL:
https://<kony_emm>/emm/selfservice/managedevice/getMessageBody?messageId=<message ID>
Where <message ID> is an integer, an attacker can retrieve all messages sent to every mobile enrolled on the system.
2.) Information retrieval
By going to the following URL
https://<kony_emm>/emm/selfservice/devicemgmt/getDeviceInfoTab.htm?requestId=<request_id>&..."
An attacker can retrieve earlier "requests". A request "task" is generated when a person requests more information about his/her phone, such as IMEI numbers, phone, last locations, etc.
-----------------------
Solution:
The vendor was notified, contact the vendor for the patch details
References:
[1] help AG middle East http://www.helpag.com/
[2] Kony https://kony.com/
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Feb 2015 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00284