An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.
References
| Link | Resource |
|---|---|
| https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/ | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-05T03:00:00
Updated: 2019-02-05T03:57:01
Reserved: 2018-08-21T00:00:00
Link: CVE-2018-15658
NVD Information
Status: Analyzed
Published: 2019-02-05T03:29:00.347
Modified: 2019-02-19T17:53:38.777
Link: CVE-2018-15658
Redhat Information
No data.
CWE