CVE-2018-15658

HIGH

42Gears SureMDM < 2018-11-27 - Unauthenticated Exposure of Sensitive Information via Master Console Page

Description

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.

Scores

CVSS v3 7.5
EPSS 0.0178
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
42gears/suremdm < 2018-11-27
Published Feb 05, 2019
Tracked Since Feb 18, 2026