107 matches found
CVE-2023-51750
ScaleFusion 10.5.2 is affected by a vulnerability where the kiosk mode does not properly restrict users to the Edge application, allowing file downloads to occur. Public descriptions consistently report the issue and note the vendor’s stance that the product is not vulnerable if the default Windo...
CVE-2023-51748
ScaleFusion 10.5.2 is affected by a kiosk-mode security issue where Ctrl-O and Ctrl-S can bypass the Edge application restriction, potentially exposing the isolated environment. Root cause: insufficient access control in Scalefusion MDM Agent allowing users to access the file explorer. The issue ...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Security Bulletin: IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below.
Summary IBM Edge Application Manager 4.5.3 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKE...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.
Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-2879 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by the failure to set a limit on the maximum size of file headers by Reader.Read. ...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.
Summary IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught exception in the parseDocument and parseAllDocuments functions. By sendi...
Security Bulletin: IBM Edge Application Manager has a vulnerability listed in CVE 2023-28154. IBM has addressed this vulnerability.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in CVE 2023-28154. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the magic comment feature by the...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...
Security Bulletin: IBM Edge Application Manager is vulnerable to an Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to Node.js ejs
Summary IBM Edge Application Manager 4.5 addresses the vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-29078 DESCRIPTION: Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection flaw in...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-23436 DESCRIPTION: Node.js immer module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of objec...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-42740 DESCRIPTION: Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with windows drive...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the interpolateName function in...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-33587 DESCRIPTION: An unspecified error related to the failure to ensure that attribute parsing has Linear Time Complexity in Node.js css-what module has an unknown impact and attack...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, ...