The advisory is now public. Cyberbullying vendors into doing the right thing is my community service.

CVSS 10. “Remote unauthenticated API access”.

This one is completely nuts btw. I set up a honeypot and it’s already being probed via the API, which allows admin access and is completely unauthenticated. Apparently nobody ever pentested one of the most widely used MDM solutions.

