ISN 2019-01: UMS Vulnerability


Announced 28 March 2019

Severity: High

A security issue affects Universal Management Suite (UMS) in the following versions:

* UMS 6.x

* UMS 5.x


An implementation bug in endpoint authentication allows an endpoint to impersonate another endpoint when communicating with UMS.

IGEL would like to thank Timo Lindfors from Nixu Corporation who discovered and reported this.

Update instructions:

UMS 6.x: Update to UMS 6.01.110 or newer.

UMS 5.x: Update to UMS 5.09.130 or newer.

To update your UMS installation, please follow these instructions:

Last update: April 24, 2019