Severity: High (7.0-8.9)
CVE ID: CVE-2025-11446
Details
This advisory addresses a vulnerability where sensitive user information is written to the upKeeper Manager Client API log when clients connect from upKeeper Manager DSOS.
Problem type: CWE-532
Impact: CAPEC-560
Applicability
This advisory is applicable only when
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
|---|---|---|---|
| upKeeper Manager | 5.2.0 to 5.2.12 | 5.2.13.1 | 2025-07-03 |
Impact
This vulnerability allows users to use information from the upKeeper Manager Client API log to request information from the upKeeper Manager Client API about client computers.
Fix
This issue has been fixed by updating upKeeper Manager Client API to version 5.2.13.1 or later.
Acknowledgements
This vulnerability was reported by one of our customers.
Please contact our security team (secure@upkeeper.se) for security-related questions and product support (help@upkeeper.se) for questions about our products or services.