Welcome to the BigFix Blog, where you can read the perspectives from network and service assurance experts. This Blog provides insights into the endpoint management solution, as well as technical details about specific IBM products.
IBM Endpoint Manager (IEM) for Mobile Device Management team is pleased to announce an update to the site has been released!
Reasons for Update:
This is a recommended update to all versions of the iOS Extender, Self-Service Portal, Trusted Services Provider and Admin Portal components of IBM Tivoli Endpoint Manager for Mobile Device Management (MDM) prior to version 9.0.60100, as it addresses vulnerability CVE-2014-6140.
These components of IBM Tivoli Endpoint Manager for MDM are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials and execute arbitrary code.
Published site version:
Mobile Device Management, version 104.
Actions to Take:
Update the iOS Extender, Self Service Portal, Trusted Service Provider, and Admin portal to version 9.0.60100 or higher with the following Fixlet Messages:
Upgrade Admin Portal (9.0.60100) (Fixlet ID 177)
Upgrade Management Extender for Enrollment and Apple iOS (9.0.60100) (Fixlet ID 94)
Upgrade Self Service Portal (9.0.60100) (Fixlet ID 184)
Upgrade Trusted Services Provider (9.0.60100) (Fixlet ID 200)