Unauthenticated IDOR Vulnerability

This document explains the unauthenticated IDOR vulnerability, which could also lead to a stored XSS vulnerability.

What was the problem?

Documents that are to be distributed to mobile devices via "Content Management" are stored on the Endpoint Central server. These uploaded documents could be accessed without authentication. By uploading a malicious JavaScript file, a stored XSS attack could be triggered.
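The sketch below models the flaw and one way to close it. It is an added example, not Endpoint Central code, and it does not describe the vendor's actual fix. The numeric document ids, the per-account ownership, the session tokens and the function names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: document id -> (owning account, filename, content).
DOCS = {
    101: ("acme", "handbook.pdf", b"%PDF-1.4 sample"),
    102: ("acme", "notes.html", b"<script>/* attacker-supplied script */</script>"),
}
# Constructed session tokens -> account (stands in for real session handling).
SESSIONS = {"tok-acme": "acme", "tok-other": "other"}

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""

def serve_vulnerable(doc_id: int, session: Optional[str] = None) -> Response:
    """The flaw described above: the id alone is enough, and HTML renders inline."""
    doc = DOCS.get(doc_id)
    if doc is None:
        return Response(404)
    _, name, data = doc
    ctype = "text/html" if name.endswith(".html") else "application/octet-stream"
    return Response(200, {"Content-Type": ctype}, data)

def serve_hardened(doc_id: int, session: Optional[str] = None) -> Response:
    """Authenticate, check ownership, and never let the browser render the file."""
    account = SESSIONS.get(session or "")
    if account is None:
        return Response(401)
    doc = DOCS.get(doc_id)
    # Same 404 for "missing" and "not yours", so ids cannot be enumerated.
    if doc is None or doc[0] != account:
        return Response(404)
    _, name, data = doc
    safe = "".join(c for c in name if c.isalnum() or c in "._-") or "download"
    return Response(200, {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
    }, data)

if __name__ == "__main__":
    for label, resp in [("vulnerable, no session", serve_vulnerable(102)),
                        ("hardened, no session", serve_hardened(102)),
                        ("hardened, other account", serve_hardened(102, "tok-other")),
                        ("hardened, owner", serve_hardened(102, "tok-acme"))]:
        print(f"{label}: {resp.status} {resp.headers}")
```

The authentication and ownership checks address the IDOR; the forced download with `nosniff` keeps an uploaded script from executing in the console's origin even when an authorized user opens it.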

How do I fix it?

This was identified and fixed on 21-Aug-2019. To apply this fix, follow the steps below:

  1. Log in to your Endpoint Central console and click your current build number in the top-right corner.
  2. You can find the latest build applicable to you. Download the PPM and update.

Keywords: Security Updates, Vulnerabilities and Fixes.