Arbitrary File Upload Vulnerabilities

This document provides information about the arbitrary file upload vulnerability detected in Mobile Device Manager Plus and provides the resolution to secure your MDM server from this vulnerability.

 

Vulnerability Description Fix available in build Fix released on
Arbitrary file upload vulnerability in logs upload on the MDM server 92684 Jan 09, 2020
Arbitrary file upload vulnerability in the Windows app dependency file upload functionality that allowed authenticated users (with permissions to add apps to the App Repository) to upload any file, without proper validation. 92789 Mar 23, 2020

Resolution

The fixes for the vulnerability were released in the build numbers mentioned above. If your MDM server is affected by the arbitrary file upload vulnerability or is running a version below the build number mentioned, upgrade your Mobile Device Manager Plus server to the latest build to resolve the issues.

For more updates on security fixes, follow our Vulnerability Updates forums.