A vulnerability in the IBM Endpoint Manager for mobile devices could allow attackers to execute malicious code on the servers used by companies to manage devices.

The IBM Endpoint Manager Mobile Device Management (MDM) product provides companies with management, security and reporting functionality for mobile devices.

Researchers from a German security firm called RedTeam Pentesting discovered that authentication cookies for several IBM Endpoint Manager components are protected with a hardcoded static secret token that can be easily obtained. The affected components are iOS extender, Self-service portal, Trusted Services provider and Admin Portal.

To read this article in full or to leave a comment, please click here