124 matches found
CVE-2022-29564
CVE-2022-29564 concerns Jamf Private Access with Incorrect Access Control prior to 2022-05-16, enabling an unauthorized user to reach systems in the internal infrastructure. The vulnerability is detailed across multiple sources (e.g., Red Hat advisory, NVD entry) and is associated with variants o...
Jamf Private Access 安全漏洞
Jamf Private Access is a cloud-based solution from Jamf USA, Inc. It is used for remote access. A security vulnerability exists in versions of Jamf Private Access prior to 2022-05-16 that stems from having incorrect access control. An attacker could exploit the vulnerability to access systems in...
PT-2022-19700 · Jamf · Jamf Private Access
Name of the Vulnerable Software and Affected Versions: Jamf Private Access versions prior to 2022-05-16 Description: The issue is related to Incorrect Access Control, allowing an unauthorized user to reach a system in the internal infrastructure. Recommendations: For Jamf Private Access versions...
Linux jss 安全漏洞
ruby-jss is a Ruby framework for interacting with the JAMF Software Server JSS REST API. A security vulnerability exists in Linux jss that stems from a memory leak in a software TLS connection leading to an object serialization issue...
Shopify: XSS at jamfpro.shopifycloud.com
An XSS vulnerability was discovered in the instance of Jamf Pro running on https://jamfpro.shopifycloud.com due to the old Swagger-UI being exposed at /classicapi/doc/. An attacker could have crafted a URL to introduce an XSS payload and execute arbitrary JS code in the context of the application...
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
Authentication flaw
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
CVE-2021-40809
CVE-2021-40809 : Jamf Pro before 10.32.0 is affected by an authentication-related privilege escalation where an account can be granted incorrect privileges in response to certain sign-on workflows. This is a real vulnerability affecting Jamf Pro prior to 10.32.0; remediation is to upgrade to Jamf...
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...
JAMF Jamf Pro 代码问题漏洞
JAMF Jamf Pro is an Apple device management solution from Jamf America JAMF. A security vulnerability exists in Jamf Pro that stems from an issue discovered in Jamf Pro prior to 10.32.0, PI-009921, where incorrect privileges may be granted to an account in response to authentication using a...
CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
Server side request forgery (ssrf)
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
CVE-2021-39303
The CVE-2021-39303 entry concerns a server-side request forgery (SSRF) in the Jamf Pro server prior to 10.32.0 (PI-006352). Multiple sources identify the affected product as Jamf Pro and confirm the vulnerability exists on the server before the 10.32.0 release. The CVSS data in the NVD entry show...
JAMF Jamf Pro 代码问题漏洞
JAMF Jamf Pro is an Apple device management solution from Jamf America JAMF. A security vulnerability exists in Jamf Pro versions prior to 10.32.0. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement...
CVE-2021-35037
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may b...