CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2020-15505

CVSS 9.8v3.1pub. 2020-07-07upd. 2025-11-07

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mobileiron Core

    APP
    Mobileiron
    < 10.3.0.410.4.0.0 – 10.4.0.4 (bez)10.5.1.0 – 10.5.1.1 (bez)10.5.2.0 – 10.5.2.1 (bez)10.6.0.0 – 10.6.0.1 (bez)
  • Mobileiron Enterprise Connector

    APP
    Mobileiron
    < 10.3.0.410.4.0.0 – 10.4.0.4 (bez)10.5.1.0 – 10.5.1.1 (bez)10.5.2.0 – 10.5.2.1 (bez)10.6.0.0 – 10.6.0.1 (bez)
  • Mobileiron Monitor And Reporting Database

    APP
    Mobileiron
    < 2.0.0.2
  • Mobileiron Sentry

    APP
    Mobileiron
    9.7.0 – 9.7.3 (bez)9.8.0 – 9.8.1 (bez)

CISA KEV — detailsi

Vendori
Ivanti
Producti
MobileIron Multiple Products
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-15506CRITICAL9.8ten sam produkt

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0,...

CVE-2013-7287CRITICAL9.8ten sam produkt

MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.

CVE-2014-1409CRITICAL9.1ten sam produkt

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerab...

CVE-2020-15507HIGH7.5ten sam produkt

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, ...

CVE-2020-35138CRITICAL9.8ten sam vendor

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encry...