Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8487

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-8487
Last Modified 24 Feb 2015 01:40:55
Published 24 Feb 2015 10:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-8487

Summary

Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm.

Vulnerable Systems

Application

  • Kony Enterprise Mobile Management 1.2


References

BID - 72714

BUGTRAQ - 20150222 CVE-2014-8487: Kony EMM insecurity Direct Object Reference


Last Updated: 27 May 2016 11:07:54