Proget MDM Incorrect Authorization Vulnerability Allowing Unauthorized Access to Profile Information

Vulnerability

An incorrect authorization vulnerability has been identified in Proget MDM, specifically in the server component of the Proget suite. This vulnerability allows low-privileged users to access information about profiles created within the MDM, including details on permitted and restricted functions. However, the profiles do not contain sensitive information or details about their application on connected devices. The vulnerability affects all versions of Proget prior to 2.17.5.

Impact

Exploitation of this vulnerability could lead to unauthorized access to profile information within Proget MDM, allowing low-privileged users to gain insights into managed functions and policies, potentially facilitating further exploitation of the MDM system.

Remediation

Users can upgrade to Proget version 2.17.5 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.