[BESAdmin-Announcements] Mobile Device Management Site Updated!

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Mon Dec 1 16:30:10 PST 2014 



IBM Endpoint Manager (IEM) for Mobile Device Management team is pleased to
announce an update to the site has been released!


Reasons for Update:
This is a recommender update to all versions of the iOS Extender,
Self-Service Portal, Trusted Services Provider and Admin Portal components
of IBM Tivoli Endpoint Manager for Mobile Device Management (MDM) prior to
version 9.0.60100, as it addresses vulnerability CVE-2014-6140.

These components of IBM Tivoli Endpoint Manager for MDM are vulnerable to
cross-site scripting, caused by improper validation of user-supplied input.
A remote attacker could exploit this vulnerability using a
specially-crafted URL to execute script in a victim's Web browser within
the security context of the hosting Web site, once the URL is clicked. An
attacker could use this vulnerability to steal the victim's cookie-based
authentication credentials and execute arbitrary code.


Published site version:
Mobile Device Management, version 104.


Actions to Take:
Update the iOS Extender, Self Service Portal, Trusted Service Provider, and
Admin portal to version 9.0.60100 or higher with the following Fixlet
Messages:
                                                                 
 Upgrade Admin Portal (9.0.60100) (Fixlet ID 177)                
 Upgrade Management Extender for Enrollment and Apple iOS        
 (9.0.60100) (Fixlet ID 94)                                      
 Upgrade Self Service Portal (9.0.60100) (Fixlet ID 184)         
 Upgrade Trusted Services Provider (9.0.60100) (Fixlet ID 200)   
                                                                 


                                                                               
                                                                               
                                                                               


Additional Information:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6140


________________________________________________________________________________________________________________________

Application Engineering Team
IBM Endpoint Manager
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20141201/a2c15ef7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20141201/a2c15ef7/attachment.gif>

More information about the Besadmin-announcements mailing list