Jeff Hofmann

**Name of the Vulnerable Software and Affected Versions** Northern.tech Mender Enterprise versions prior to 3.2.2 Deviceconnect microservice versions through 1.3.0 **Description** The issue allows Cross-Origin Websocket Hijacking. **Recommendations** For Northern.tech Mender Enterprise versions prior to 3.2.2, update to version 3.2.2 or later. For Deviceconnect microservice versions through 1.3.0, update to a version later than 1.3.0.

**Name of the Vulnerable Software and Affected Versions** Mender Enterprise versions 1.0.0 through 3.2.1 iot-manager microservice version 1.0.0 **Description** The issue allows Server-Side Request Forgery (SSRF) due to the Azure IoT Hub integration in the iot-manager microservice, which provides primitives that can execute cross-tenant actions via internal API endpoints. **Recommendations** For Mender Enterprise versions 1.0.0 through 3.2.1, update to version 3.2.2 or later to resolve the issue. For iot-manager microservice version 1.0.0, update to a version that is bundled with Mender Enterprise 3.2.2 or later.