Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| baramundi | management_suite | 8.2 |
| baramundi | management_suite | 7.6 |
| baramundi | management_suite | 8.9 |
| baramundi | management_suite | 8.6 |
| baramundi | management_suite | 8.7 |
| baramundi | management_suite | 8.1 |
| baramundi | management_suite | 8.3 |
| baramundi | management_suite | 8.8 |
| baramundi | management_suite | 7.5 |
| baramundi | management_suite | 8.5 |
| baramundi | management_suite | 8.0 |
The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| baramundi | management_suite | 8.2 |
| baramundi | management_suite | 7.6 |
| baramundi | management_suite | 8.9 |
| baramundi | management_suite | 8.6 |
| baramundi | management_suite | 8.7 |
| baramundi | management_suite | 8.1 |
| baramundi | management_suite | 8.3 |
| baramundi | management_suite | 8.8 |
| baramundi | management_suite | 7.5 |
| baramundi | management_suite | 8.5 |
| baramundi | management_suite | 8.0 |
An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255
Products Affected
| Vendor | Product | Version |
|---|---|---|
| baramundi | management_suite | 8.2 |
| baramundi | management_suite | 7.6 |
| baramundi | management_suite | 8.9 |
| baramundi | management_suite | 8.6 |
| baramundi | management_suite | 8.7 |
| baramundi | management_suite | 8.1 |
| baramundi | management_suite | 8.3 |
| baramundi | management_suite | 8.8 |
| baramundi | management_suite | 7.5 |
| baramundi | management_suite | 8.5 |
| baramundi | management_suite | 8.0 |
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. It is also fixed in baramundi Management Suite 2022 R2.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| baramundi | management_suite | 2022 |
| baramundi | management_suite | 2021 |
Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| baramundi | enterprise_mobility_management | * |