MidnightBSD

Advisories for baramundi

CVE-2013-3593 HIGH

Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
baramundi management_suite 8.2
baramundi management_suite 7.6
baramundi management_suite 8.9
baramundi management_suite 8.6
baramundi management_suite 8.7
baramundi management_suite 8.1
baramundi management_suite 8.3
baramundi management_suite 8.8
baramundi management_suite 7.5
baramundi management_suite 8.5
baramundi management_suite 8.0
CVE-2013-3624 HIGH

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but the correct ID for that issue is CVE-2013-5763.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
baramundi management_suite 8.2
baramundi management_suite 7.6
baramundi management_suite 8.9
baramundi management_suite 8.6
baramundi management_suite 8.7
baramundi management_suite 8.1
baramundi management_suite 8.3
baramundi management_suite 8.8
baramundi management_suite 7.5
baramundi management_suite 8.5
baramundi management_suite 8.0
CVE-2013-3625 HIGH

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
baramundi management_suite 8.2
baramundi management_suite 7.6
baramundi management_suite 8.9
baramundi management_suite 8.6
baramundi management_suite 8.7
baramundi management_suite 8.1
baramundi management_suite 8.3
baramundi management_suite 8.8
baramundi management_suite 7.5
baramundi management_suite 8.5
baramundi management_suite 8.0
CVE-2022-43747

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This also is fixed in baramundi Management Suite 2022 R2.

Products Affected

Vendor Product Version
baramundi management_suite 2022
baramundi management_suite 2021
CVE-2023-37605

Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
baramundi enterprise_mobility_management *