Critical Security Patch for IBM Endpoint Manager Platform
MikeOttum 270004983N Visits (2063)
The IBM Endpoint Manager team has updated multiple versions of the Endpoint Manager product to address a critical vulnerability. This vulnerability could allow an attacker to access files on an affected server or cause an affected server to make a arbitrary HTTP GET requests. We will be releasing the technical details of this vulnerability on a future date once all of our customers have had sufficient time to upgrade their systems.
Here are the versions of the Endpoint Manager Platform that are vulnerable and the components involved:
9.1 -- all versions up to the patch (9.1.1088.0) -- Root Server, Web Reports, and Server API
9.0 -- all versions up to the patch (9.0.853.0) -- Root Server, Web Reports, and Server API
8.2 -- all versions up to the patch (8.2.1445.0) -- Web Reports and Server API
8.1 -- all versions up to the patch (8.1.1653.0) -- Web Reports and Server API
Agents and relays are not exposed to this vulnerability and do not need to be patched.
For more details about the vulnerability and the steps to upgrade IEM, please refer to the Security Bulletin for your version of IEM: