Vulnerability Details CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
- https://cwe.mitre.org/data/definitions/41.html
- https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
- https://cwe.mitre.org/data/definitions/41.html
- https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
Products affected by CVE-2020-15505
-
cpe:2.3:a:mobileiron:core:-
-
cpe:2.3:a:mobileiron:core:10.3.0.3
-
cpe:2.3:a:mobileiron:core:10.4.0.0
-
cpe:2.3:a:mobileiron:core:10.4.0.1
-
cpe:2.3:a:mobileiron:core:10.4.0.2
-
cpe:2.3:a:mobileiron:core:10.4.0.3
-
cpe:2.3:a:mobileiron:core:10.5.1.0
-
cpe:2.3:a:mobileiron:core:10.5.2.0
-
cpe:2.3:a:mobileiron:core:10.6.0.0
-
cpe:2.3:a:mobileiron:enterprise_connector:-
-
cpe:2.3:a:mobileiron:enterprise_connector:10.3.0.3
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.1
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.2
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.3
-
cpe:2.3:a:mobileiron:enterprise_connector:10.5.1.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.5.2.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.6.0.0
-
cpe:2.3:a:mobileiron:monitor_and_reporting_database:-
-
cpe:2.3:a:mobileiron:monitor_and_reporting_database:2.0.0.1
-
cpe:2.3:a:mobileiron:sentry:9.7.0
-
cpe:2.3:a:mobileiron:sentry:9.7.2
-
cpe:2.3:a:mobileiron:sentry:9.8.0