This document provides information about the arbitrary file upload vulnerability detected in Mobile Device Manager Plus MSP and provides the resolution to secure your MDM MSP server from this vulnerability.
Vulnerability Description
Fix available in build
Fix released on
Arbitrary file upload vulnerability in logs upload on the MDM MSP server
92684
Jan 09, 2020
Arbitrary file upload vulnerability in the Windows app dependency file upload functionality that allowed authenticated users (with permissions to add apps to the App Repository) to upload any file, without proper validation.
92789
Mar 23, 2020
The fixes for the vulnerability were released in the build numbers mentioned above. If your MDM MSP server is affected by the arbitrary file upload vulnerability or is running a version below the build number mentioned, upgrade your Mobile Device Manager Plus MSP server to the latest build to resolve the issues.
For more updates on security fixes, follow our Vulnerability Updates forums.