MEDIUM🇵🇱 Wersja polska

CVE-2014-5903

CVSS 5.4v2.0pub. 2014-09-15upd. 2026-05-06

The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS Vector
AV:A/AC:M/Au:N/C:P/I:P/A:P
  • Mobileiron Mobile\@work

    APP
    Mobileiron
    6.0.0.1.12r
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-35138CRITICAL9.8ten sam produkt

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encry...

CVE-2020-35137HIGH7.5ten sam produkt

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate ...

CVE-2021-3391MEDIUM5.3ten sam produkt

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexiste...

CVE-2020-15505CRITICAL9.8⚠ KEVten sam vendor

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, ...

CVE-2020-15506CRITICAL9.8ten sam vendor

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0,...