This document provides information about the arbitrary file upload vulnerability detected in Mobile Device Manager Plus MSP and provides the resolution to secure your MDM MSP server from this vulnerability.
Fix available in build
Fix released on
Arbitrary file upload vulnerability in logs upload on the MDM MSP server
Jan 09, 2020
Arbitrary file upload vulnerability in the Windows app dependency file upload functionality that allowed authenticated users (with permissions to add apps to the App Repository) to upload any file, without proper validation.
Mar 23, 2020
The fixes for the vulnerability were released in the build numbers mentioned above. If your MDM MSP server is affected by the arbitrary file upload vulnerability or is running a version below the build number mentioned, upgrade your Mobile Device Manager Plus MSP server to the latest build to resolve the issues.
For more updates on security fixes, follow our Vulnerability Updates forums.