HIGH✓ PATCH🇬🇧 English

CVE-2020-15507

CVSS 7.5v3.1pub. 2020-07-07upd. 2024-11-21

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Mobileiron Cloud

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Core

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Enterprise Connector

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Reporting Database

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Sentry

    APP
    Mobileiron
    ≤ 10.6
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2020-15505CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, ...

CVE-2020-15506CRITICAL9.8ten sam produkt

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0,...

CVE-2013-7287CRITICAL9.8ten sam produkt

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CVE-2014-1409CRITICAL9.1ten sam produkt

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerab...

CVE-2020-35138CRITICAL9.8ten sam vendor

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encry...