CVE-2019-17076

Published: Jan 8, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code execution (RCE), and/or deletion of files on the Jamf Pro server.

Affected (2)

Products: Jamf: Jamf

Jamf

1 product

Jamf

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jamf Jamf	From 10.0.0 to 10.15.0
Jamf Jamf	From 9.4 to 9.101.4

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://resources.jamf.com/documents/products/security-disclosure-notice-jamf-pro-10.15.1.pdf

Source: cve@mitre.org

Vendor Advisory

https://resources.jamf.com/documents/products/security-disclosure-notice-jamf-pro-10.15.1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.