2 matches found
CVE-2021-26909
CVE-2021-26909 affects the Automox Agent prior to version 31. The root cause is an insufficiently protected S3 bucket endpoint used to store sensitive files, which could be brute-forced by an attacker to subvert an organization’s security program. Mitigation: upgrade to Automox Agent 31 or later,...
CVE-2021-26908 and CVE-2021-26909: Automox Agent Information Disclosure (FIXED)
Rapid7 researcher Danny Jordan discovered two vulnerabilities in the Automox Agent for Windows and macOS, which could result in information disclosure issues involving the Automox infrastructure. CVE-2021-26908 describes a vulnerability where Automox Agent improperly logs sensitive information on...