CVSS: 9.8EPSS: 94%CPEs: 13EXPL: 3CVE-2020-15505 – Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15505
07 Jul 2020 — A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. Se presenta una vulnerabilidad de ejecución de código remoto en las versiones 10.3.0.3 y anteriores del MobileIron Core y Connector, version... • https://packetstorm.news/files/id/161097 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-15506
https://notcve.org/view.php?id=CVE-2020-15506
07 Jul 2020 — An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Una vulnerabilidad de omisión de autentificación en MobileIron Core y Connector versiones 10.3.0.3 y anteriores, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y versión 10.6.0.0 permite a atacantes remotos omitir los mecanismo... • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-15507
https://notcve.org/view.php?id=CVE-2020-15507
07 Jul 2020 — An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. Se presenta una vulnerabilidad arbitraria de lectura de archivos en MobileIron Core y Connector versiones 10.3.0.3 y anteriores, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y versión 10.6.0.0 que permite a atacantes remotos leer archivos sobre... • https://www.mobileiron.com/en/blog/mobileiron-security-updates-available •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2013-7287
https://notcve.org/view.php?id=CVE-2013-7287
13 Feb 2020 — MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. MobileIron VSP versiones anteriores a 5.9.1 y Sentry versiones anteriores a 5.0, presentan un esquema de cifrado no seguro. • http://seclists.org/fulldisclosure/2014/Apr/21 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 2CVE-2014-1409 – MobileIron VSP / Sentry Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-1409
02 Apr 2014 — MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords MobileIron VSP versiones anteriores a la versión 5.9.1 y Sentry versiones anteriores a la versión 5.0, tienen una vulnerabilidad de omisión de autenticación debido a un archivo XML con contraseñas ofuscadas. MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities. • https://packetstorm.news/files/id/125990 • CWE-91: XML Injection (aka Blind XPath Injection) •