CVE-2020-15505

Warnung

Exploit

EPSS 94.35%
Veröffentlicht 07.07.2020 02:15:10
Zuletzt bearbeitet 07.11.2025 19:32:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mobileiron ≫ Core Version < 10.3.0.4

Mobileiron ≫ Core Version >= 10.4.0.0 < 10.4.0.4

Mobileiron ≫ Core Version >= 10.5.1.0 < 10.5.1.1

Mobileiron ≫ Core Version >= 10.5.2.0 < 10.5.2.1

Mobileiron ≫ Core Version >= 10.6.0.0 < 10.6.0.1

Mobileiron ≫ Enterprise Connector Version < 10.3.0.4

Mobileiron ≫ Enterprise Connector Version >= 10.4.0.0 < 10.4.0.4

Mobileiron ≫ Enterprise Connector Version >= 10.5.1.0 < 10.5.1.1

Mobileiron ≫ Enterprise Connector Version >= 10.5.2.0 < 10.5.2.1

Mobileiron ≫ Enterprise Connector Version >= 10.6.0.0 < 10.6.0.1

Mobileiron ≫ Monitor And Reporting Database Version < 2.0.0.2

Mobileiron ≫ Sentry Version >= 9.7.0 < 9.7.3

Mobileiron ≫ Sentry Version >= 9.8.0 < 9.8.1

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability

Schwachstelle

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.35%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-706 Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://cwe.mitre.org/data/definitions/41.html

Third Party Advisory

https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/

Third Party Advisory

Exploit

https://www.mobileiron.com/en/blog/mobileiron-security-updates-available

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15505