Vulnerability Details CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.943
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
- https://cwe.mitre.org/data/definitions/41.html
- https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
- https://cwe.mitre.org/data/definitions/41.html
- https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
Products affected by CVE-2020-15505
-
cpe:2.3:a:mobileiron:core:-
-
cpe:2.3:a:mobileiron:core:10.3.0.3
-
cpe:2.3:a:mobileiron:core:10.4.0.0
-
cpe:2.3:a:mobileiron:core:10.4.0.1
-
cpe:2.3:a:mobileiron:core:10.4.0.2
-
cpe:2.3:a:mobileiron:core:10.4.0.3
-
cpe:2.3:a:mobileiron:core:10.5.1.0
-
cpe:2.3:a:mobileiron:core:10.5.2.0
-
cpe:2.3:a:mobileiron:core:10.6.0.0
-
cpe:2.3:a:mobileiron:enterprise_connector:-
-
cpe:2.3:a:mobileiron:enterprise_connector:10.3.0.3
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.1
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.2
-
cpe:2.3:a:mobileiron:enterprise_connector:10.4.0.3
-
cpe:2.3:a:mobileiron:enterprise_connector:10.5.1.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.5.2.0
-
cpe:2.3:a:mobileiron:enterprise_connector:10.6.0.0
-
cpe:2.3:a:mobileiron:monitor_and_reporting_database:-
-
cpe:2.3:a:mobileiron:monitor_and_reporting_database:2.0.0.1
-
cpe:2.3:a:mobileiron:sentry:9.7.0
-
cpe:2.3:a:mobileiron:sentry:9.7.2
-
cpe:2.3:a:mobileiron:sentry:9.8.0