42gears 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥 and vendor risk ssrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-3897 | Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version | [email protected] | 4.8 | 1.29% | 2023-07-25 | 2025-02-13 |
| CVE-2023-2335 | Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | [email protected] | 6.5 | 0.09% | 2023-04-27 | 2024-11-21 |
| CVE-2023-2331 | Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. | [email protected] | 7.8 | 0.05% | 2023-04-27 | 2024-11-21 |
| CVE-2018-15659 | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible. | [email protected] | 6.5 | 0.39% | 2019-02-05 | 2024-11-21 |
| CVE-2018-15658 | An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data. | [email protected] | 7.5 | 0.61% | 2019-02-05 | 2024-11-21 |
| CVE-2018-15657 | An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | [email protected] | 7.3 | 7.77% | 2019-02-05 | 2024-11-21 |
| CVE-2018-15656 | An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specified e-mail address. The request must be made with an "apiKey" value in the "ApiKey" header. | [email protected] | 7.5 | 0.32% | 2019-02-05 | 2024-11-21 |
| CVE-2018-15655 | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | [email protected] | 6.5 | 0.33% | 2019-02-05 | 2024-11-21 |