CVE-2021-35037

Опубликовано: 12 июл. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822

Ссылки

https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade
Vendor Advisory
https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
Release Notes
Vendor Advisory
https://www.jamf.com/jamf-nation/discussions/39219/jamf-pro-10-30-1-security-upgrade
Vendor Advisory
https://www.jamf.com/resources/product-documentation/jamf-pro-release-notes/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jamf:jamf:*:*:*:*:pro:*:*:*

Версия до 10.30.1 (исключая)

EPSS

Процентиль: 36%

0.00154

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-mpmp-43vw-64c6

github

больше 3 лет назад