Security Advisories

| CVE | Shortened Description | Severity | Issue Date | Updated on |
|---|---|---|---|---|
| CVE-2023-3897 | Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page | 4.8 - Medium | 07/25/2023 | 07/25/2023 |
| CVE-2023-2331 | Bypassing hardening via Unquoted Service path vulnerability | 7.8 - High | 04/27/2023 | 04/28/2023 |
| CVE-2023-2335 | Plaintext Password in Registry | 6.5 - Medium | 04/27/2023 | 04/28/2023 |
| CVE-2021-44228 | Apache Log4j Vulnerability (CVE-2021-44228) | 10.0 - High | 12/10/2021 | 02/06/2023 |
| CVE-2022-42889 | Apache Commons Text "Text4Shell" | 9.8 - High | 10/13/2022 | 03/01/2023 |
| CVE-2018-15656 | An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email | 7.5 - High | 02/04/2019 | 03/23/2021 |
| CVE-2018-15658 | An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user | 7.5 - High | 02/04/2019 | 03/23/2021 |
| CVE-2018-15657 | An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | 7.3 - High | 02/04/2019 | 03/23/2021 |
| CVE-2018-15655, CVE-2018-15659 | An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible. | 6.5 - Medium | 02/05/2019 | 02/05/2019 |

Operational Advisories

| Outage ID | Shortened Description | Issue Date | Details |
|---|---|---|---|
| Ops-2025-07-16 | Information Regarding the Service Disruption for a Subset of Customers on July 16, 2025 | 07/16/2025 | |

Outage ID: Ops-2025-07-16

Overview

On July 16, 2025, we experienced a service disruption that surfaced during a routine patch deployment in one of the environments in the US region. Customer accounts hosted in other environments in the US or other regions around the world were not impacted. The issue temporarily affected internal data retrieval in our system and, as a result, impacted our application functionality. Admin users were not able to log in to their accounts, but there was no impact on devices, except iOS and macOS devices that connected with the server during the service disruption period. Although the update was rolled back promptly, additional time was required to fully revalidate and restore the accurate configuration. The root cause was identified, corrective actions were implemented, and preventive measures are now in place to avoid recurrence.

Root Cause Determination

The incident was caused by configuration inconsistencies in the production environment that were introduced during a routine patch update. These inconsistencies led the application to lose connectivity with a core data store, causing the service disruption.

Service Disruption: The application's inability to retrieve data from its core store resulted in a temporary loss of functionality and retrieval errors, causing the main service disruption.

Cascading Device Validation Failure: The same configuration error caused certain Apple devices to fail validation checks when attempting to connect to our servers. Because of this validation failure, the server incorrectly triggered the removal of MDM profiles, which in turn could result in the removal of apps installed through MDM. The device validation system itself was not flawed; rather, its expected behavior was triggered by the upstream configuration error, leading to an unintended consequence.

Timeline of Events

  • July 16, 2025, 16:30 IST: A minor patch update was deployed to the production environment, impacting only a single tenant cluster serving a specific region. All other regions and environments remained unaffected and fully operational.
  • July 16, 2025, 17:15 IST: The internal team detects service disruptions and reports errors. An immediate investigation is initiated, and the issue is escalated. 
  • July 16, 2025, 17:22 IST: Customers begin reporting service disruptions.
  • July 16, 2025, 18:15 IST: Configuration inconsistencies are identified and a rollback is initiated to revert the changes introduced by the patch.
  • July 16, 2025, 19:05 IST: A comprehensive revalidation of all configuration parameters is ongoing.
  • July 16, 2025, 20:05 IST: Login service is restored.
  • July 16, 2025, 20:15 IST: Login and enrollment services are fully resolved.
  • July 17, 2025, 00:15 IST: An email with guidance on the restoration of lost Apple device profiles is sent to affected customers.
  • August 19, 2025: This Root Cause Analysis (RCA) is published to our Trust Center.

Preventive Actions

While we regret this incident, we are using this as an opportunity to strengthen our systems and fortify our processes. We have implemented several preventative measures, including:
  • Automated Configuration Validation Checks: We are integrating automated configuration validation checks into our CI/CD pipeline to catch environment inconsistencies before deployment. This is our top priority. Device Validation checks, which triggered the removal of the profile, have already been made more robust with multiple levels of fallbacks and better error handling.
  • Enhanced Monitoring: We have improved our monitoring and alerting mechanisms to detect configuration-driven service anomalies at an earlier stage.
  • Periodic Review of Deployment Tooling: We have instituted a process of periodic reviews for our deployment tools to ensure environment consistency across updates.

Guidance for Customers

No action is needed from customers whose devices were not impacted. An email notification was sent to all customers who were identified as having impacted Apple devices. Please check for any missing apps or settings. If any have disappeared, please follow the recovery steps we've already provided to re-enroll your devices. We sincerely apologize for the inconvenience and concern this may have caused. We are committed to full transparency and are here to help. Should you need any assistance or have questions, please feel free to reach out to our team at techsupport@42gears.com or visit our Support Portal.