Suremdm Security Vulnerabilities
Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below...
5.3CVSS
5AI Score
0.082EPSS
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is...
6.5CVSS
6.4AI Score
0.002EPSS
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url"...
7.3CVSS
7AI Score
0.001EPSS
An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is...
7.5CVSS
7.3AI Score
0.004EPSS
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified....
7.5CVSS
7.4AI Score
0.006EPSS
An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is...
6.5CVSS
6.4AI Score
0.002EPSS