Vulnerabilities > Jamf
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-31224 | Improper Authentication vulnerability in Jamf There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 9.8 |
| 2022-06-07 | CVE-2022-29564 | Unspecified vulnerability in Jamf Private Access Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. | 7.5 |
| 2021-12-01 | CVE-2021-40809 | Server-Side Request Forgery (SSRF) vulnerability in Jamf An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. | 8.8 |
| 2021-11-12 | CVE-2021-39303 | Server-Side Request Forgery (SSRF) vulnerability in Jamf The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. | 9.8 |
| 2021-07-12 | CVE-2021-35037 | Open Redirect vulnerability in Jamf Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. | 6.1 |
| 2021-04-02 | CVE-2021-30125 | Cross-site Scripting vulnerability in Jamf Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | 6.1 |
| 2020-01-08 | CVE-2019-17076 | Deserialization of Untrusted Data vulnerability in Jamf An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. | 9.8 |
| 2020-01-07 | CVE-2018-10465 | Unspecified vulnerability in Jamf Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. | 8.8 |
| 2019-02-25 | CVE-2019-9146 | Unspecified vulnerability in Jamf Self Service 10.9.0 Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream. high complexity jamf | 7.5 |