45 matches found
Code injection
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Code injection
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Design/Logic Flaw
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
Code injection
In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-50159
In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-50159
ScaleFusion (Windows Desktop App) agent 10.5.2 is affected by a kiosk-mode bypass vulnerability that can lead to arbitrary code execution. The issue is mitigated in version 10.5.7 by preventing the launching of File Explorer within Agent-based Multi-App and Single App Kiosk modes. CVSS v3.1 metri...
ScaleFusion Security Vulnerabilities
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in Scalefusion kiosk version 10.5.2 that originates from the ability to bypass Kiosk mode application restrictions to execute arbitrary code...
CVE-2023-51749
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which originates from a searchable tooltip and results in the inability to properly restrict users from using the Edge...
CVE-2023-51748
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which stems from the ability to use Alt-F4, resulting in the inability to properly restrict users from using the Edge...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2 that stems from the ability to use Ctrl-O and Ctrl-S, resulting in the inability to properly restrict users from using th...
CVE-2023-51748
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51751
ScaleFusion (Scalefusion) kiosk vulnerability CVE-2023-51751: in version 10.5.2, users are not properly limited to the Edge application and can use Alt-F4 to escape the restricted Edge environment. The issue affects the Agent-based Multi-App and Single App Kiosk modes, enabling access beyond the ...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51748
ScaleFusion 10.5.2 is affected by a kiosk-mode security issue where Ctrl-O and Ctrl-S can bypass the Edge application restriction, potentially exposing the isolated environment. Root cause: insufficient access control in Scalefusion MDM Agent allowing users to access the file explorer. The issue ...
Scalefusion kiosk security vulnerability
ScaleFusion is a mobile device management and unified endpoint management application from ScaleFusion. A security vulnerability exists in the Scalefusion kiosk version 10.5.2, which stems from a file download that may occur, resulting in the inability to properly restrict users from using the Ed...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...