A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMobileiron Core
APPMobileiron< 10.3.0.410.4.0.0 – 10.4.0.4 (bez)10.5.1.0 – 10.5.1.1 (bez)10.5.2.0 – 10.5.2.1 (bez)10.6.0.0 – 10.6.0.1 (bez)Mobileiron Enterprise Connector
APPMobileiron< 10.3.0.410.4.0.0 – 10.4.0.4 (bez)10.5.1.0 – 10.5.1.1 (bez)10.5.2.0 – 10.5.2.1 (bez)10.6.0.0 – 10.6.0.1 (bez)Mobileiron Monitor And Reporting Database
APPMobileiron< 2.0.0.2Mobileiron Sentry
APPMobileiron9.7.0 – 9.7.3 (bez)9.8.0 – 9.8.1 (bez)
CISA KEV — detailsi
- Vendori
- Ivanti ↗
- Producti
- MobileIron Multiple Products
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Related vulnerabilities
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0,...
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerab...
An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, ...
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encry...