CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-15506

CVSS 9.8v3.1pub. 2020-07-07upd. 2024-11-21

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mobileiron Cloud

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Core

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Enterprise Connector

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Reporting Database

    APP
    Mobileiron
    ≤ 10.6
  • Mobileiron Sentry

    APP
    Mobileiron
    ≤ 10.6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-15505CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, ...

CVE-2013-7287CRITICAL9.8ten sam produkt

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CVE-2014-1409CRITICAL9.1ten sam produkt

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerab...

CVE-2020-15507HIGH7.5ten sam produkt

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, ...

CVE-2020-35138CRITICAL9.8ten sam vendor

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encry...