Design/Logic Flaw

2019-02-0503:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.

CPENameOperatorVersion
suremdmeq< 20181127

CPE	Name	Operator	Version
	suremdm	eq	< 20181127

References

research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/