4 matches found
CVE-2014-6140
IBM Endpoint Manager for Mobile Devices (TEM/Mobile Device Management) components including Enrollment and Apple iOS Management Extender, Self-Service Portal, Admin Portal, and Trusted Service Provider are affected. The root cause is that TEM uses static secret_token values across all installatio...
IBM Endpoint Manager For Mobile Devices Code Execution Vulnerability
During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged ...
IBM Endpoint Manager For Mobile Devices Code Execution
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values,...
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secrettoken values. With these values,...