Vulnerabilities > Jamf
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-31224 | Improper Authentication vulnerability in Jamf There is broken access control during authentication in Jamf Pro Server before 10.46.1. | 9.8 |
| 2022-06-07 | CVE-2022-29564 | Unspecified vulnerability in Jamf Private Access Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. | 7.5 |
| 2021-12-01 | CVE-2021-40809 | Server-Side Request Forgery (SSRF) vulnerability in Jamf An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. | 6.5 |
| 2021-11-12 | CVE-2021-39303 | Server-Side Request Forgery (SSRF) vulnerability in Jamf The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. | 7.5 |
| 2021-07-12 | CVE-2021-35037 | Open Redirect vulnerability in Jamf Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. | 5.8 |
| 2021-04-02 | CVE-2021-30125 | Cross-site Scripting vulnerability in Jamf Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | 4.3 |
| 2020-01-08 | CVE-2019-17076 | Deserialization of Untrusted Data vulnerability in Jamf An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. | 7.5 |
| 2020-01-07 | CVE-2018-10465 | Unspecified vulnerability in Jamf Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. | 6.5 |
| 2019-02-25 | CVE-2019-9146 | Unspecified vulnerability in Jamf Self Service 10.9.0 Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream. | 7.9 |
| 2012-09-28 | CVE-2012-4051 | Cross-Site Request Forgery (CSRF) vulnerability in Jamf Casper Suite Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action. | 6.8 |