Title

The Samsung SDS EMM server must be maintained at a supported version. (Cat I impact)

Discussion

Versions of Samsung SDS EMM are maintained by Samsung SDS for specific periods of time. Unsupported versions will not receive security updates for new vulnerabilities which leaves them subject to exploitation. SFR ID: FPT_TUD_EXT.1

Check Content

Verify the installed version of the Samsung SDS EMM server is a supported version. A list of supported versions of EMM can be found at http://support.samsungsds.com. (Note: An account is needed to access this web page. The site EMM system administrator should be able to access the site and print the list for the reviewer/auditor.) For viewing the installed version of EMM, on the MDM console, do the following: 1. Log in to the Admin Console using a web browser. 2. Check the version by version number and deploy date at the bottom left on the screen. 3. Verify the version is on the list of supported versions on the Samsung SDS website. If the installed version of Samsung SDS EMM server is not a supported version, this is a finding.

Fix Text

For viewing the installed version of EMM, on the MDM console, do the following: 1. Log in to the Admin Console using a web browser. 2. Check the version by version number and deploy date at the bottom left on the screen. 3. Verify the installed version of the Samsung SDS EMM server is a supported version. A list of supported versions of EMM can be found at http://support.samsungsds.com. (Note: An account is needed to access this web page. The site EMM system administrator should be able to access the site and print the list for the reviewer/auditor.) 4. Install a supported version of SDS EMM using Samsung SDS published procedures. To get the EMM Installer and apk file, contact the EMM technical support team.

Additional Identifiers

Rule ID: SV-225650r588007_rule

Vulnerability ID: V-225650

Group Title: PP-MDM-992000

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.