PT-2020-9867 · Jamf · Jamf Pro
Published
2020-01-08
·
Updated
2020-01-13
·
CVE-2019-17076
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jamf Pro versions 9.x through 10.15.0
Description
An issue was discovered that allows deserialization of untrusted data when parsing JSON in several APIs, which may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.
Recommendations
For Jamf Pro versions 9.x through 10.15.0, update to version 10.15.1 or later to resolve the issue.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jamf Pro