ISN 2019-01: UMS Vulnerability

Overview

Announced 28 March 2019

Severity: High

A security issue affects Universal Management Suite (UMS) in the following versions:

* UMS 6.x

* UMS 5.x

Details

An implementation bug in endpoint authentication allows an endpoint to impersonate another endpoint when communicating with UMS.

IGEL would like to thank Timo Lindfors from Nixu Corporation who discovered and reported this.

Update instructions:

UMS 6.x: Update to UMS 6.01.110 or newer.

UMS 5.x: Update to UMS 5.09.130 or newer.

To update your UMS installation, please follow these instructions: https://kb.igel.com/endpointmgmt-6.01/en/updating-a-ums-installation-10323637.html

Last update: April 24, 2019