Описание
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
FAQ
How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker requires access to a rooted target device and must disable certain components of the Intune Mobile Application Manager which do not fully impact availability. An attacker could then gain access to sensitive files based on the targeted device's privileges but does not provide the ability to alter data.
How do I know if I am affected by this vulnerability?
Customers using Microsoft Intune Mobile Application Management features enabled by the Intune App SDK for Android are affected by this vulnerability. Customers who do not have auto-updates enabled need to update the Intune Company Portal to version 5.0.6215.0 or higher to be protected from this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Intune Mobile Application Management for Android |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
Уязвимость средства управления мобильными приложениями Microsoft Intune Mobile Application Management для Android, связанная с недостатками контроля доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации на основе привилегий целевого устройства
EPSS
6.1 Medium
CVSS3