This document will explain you about the unauthenticated IDOR Vulnerability which could also lead to Stored XSS vulnerability.
Documents which are to be distributed to mobile devices via "Content Mangement" are stored in the Endpoint Central server. These uploaded documents could be accessed without authentication. By uploading a malicious JavaScript file, a stored XSS attack could be triggered.
This has been identified and fixed on 21-Aug-2019. To apply this fix, follow the steps below:
Keywords: Security Updates, Vulnerabilities and Fixes.