Jamf: >> Jamf >> 10.24.2 Security Vulnerabilities
There is broken access control during authentication in Jamf Pro Server before 10.46.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-25
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-12-01
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-11-12
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-12
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-04-02