Vulnerability Details CVE-2021-3391
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/optiv/rustyIron
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration
- https://github.com/optiv/rustyIron
- https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
- https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration
Products affected by CVE-2021-3391
-
cpe:2.3:a:mobileiron:mobile@work:-
-
cpe:2.3:a:mobileiron:mobile@work:10.0.0
-
cpe:2.3:a:mobileiron:mobile@work:10.0.0.0.91r
-
cpe:2.3:a:mobileiron:mobile@work:10.0.1
-
cpe:2.3:a:mobileiron:mobile@work:10.0.2
-
cpe:2.3:a:mobileiron:mobile@work:10.1.0
-
cpe:2.3:a:mobileiron:mobile@work:10.1.0.0.69r
-
cpe:2.3:a:mobileiron:mobile@work:10.1.1.0.4r
-
cpe:2.3:a:mobileiron:mobile@work:10.2
-
cpe:2.3:a:mobileiron:mobile@work:10.2.0.1.3r
-
cpe:2.3:a:mobileiron:mobile@work:10.2.0.1.6r
-
cpe:2.3:a:mobileiron:mobile@work:10.2.1.0.62r
-
cpe:2.3:a:mobileiron:mobile@work:10.2.1.1.3r
-
cpe:2.3:a:mobileiron:mobile@work:10.3.0.1.1r
-
cpe:2.3:a:mobileiron:mobile@work:10.3.0.2.2r
-
cpe:2.3:a:mobileiron:mobile@work:10.3.0.3.4r
-
cpe:2.3:a:mobileiron:mobile@work:10.4.0.1.3r
-
cpe:2.3:a:mobileiron:mobile@work:10.4.1.1.3r
-
cpe:2.3:a:mobileiron:mobile@work:10.4.1.2.9r
-
cpe:2.3:a:mobileiron:mobile@work:10.5.0.0.107r
-
cpe:2.3:a:mobileiron:mobile@work:10.5.1.0.52r
-
cpe:2.3:a:mobileiron:mobile@work:10.7.0.0.132r
-
cpe:2.3:a:mobileiron:mobile@work:10.8.0.1.2r
-
cpe:2.3:a:mobileiron:mobile@work:11.0.0
-
cpe:2.3:a:mobileiron:mobile@work:11.0.0.0.115r
-
cpe:2.3:a:mobileiron:mobile@work:11.0.1
-
cpe:2.3:a:mobileiron:mobile@work:11.1.0
-
cpe:2.3:a:mobileiron:mobile@work:12.0.0
-
cpe:2.3:a:mobileiron:mobile@work:12.0.1
-
cpe:2.3:a:mobileiron:mobile@work:12.0.2
-
cpe:2.3:a:mobileiron:mobile@work:12.0.3
-
cpe:2.3:a:mobileiron:mobile@work:12.1.0
-
cpe:2.3:a:mobileiron:mobile@work:12.1.1
-
cpe:2.3:a:mobileiron:mobile@work:12.11.0
-
cpe:2.3:a:mobileiron:mobile@work:12.11.1
-
cpe:2.3:a:mobileiron:mobile@work:12.2
-
cpe:2.3:a:mobileiron:mobile@work:12.2.1
-
cpe:2.3:a:mobileiron:mobile@work:12.2.2
-
cpe:2.3:a:mobileiron:mobile@work:12.3.0
-
cpe:2.3:a:mobileiron:mobile@work:12.3.1
-
cpe:2.3:a:mobileiron:mobile@work:12.4.0
-
cpe:2.3:a:mobileiron:mobile@work:12.4.1
-
cpe:2.3:a:mobileiron:mobile@work:9.3.0.2.1r
-
cpe:2.3:a:mobileiron:mobile@work:9.4.0.2.16r
-
cpe:2.3:a:mobileiron:mobile@work:9.4.0.3.5r
-
cpe:2.3:a:mobileiron:mobile@work:9.5.0.0.93r
-
cpe:2.3:a:mobileiron:mobile@work:9.5.1.0.19r
-
cpe:2.3:a:mobileiron:mobile@work:9.5.1.1.1r
-
cpe:2.3:a:mobileiron:mobile@work:9.6.0.1.5r
-
cpe:2.3:a:mobileiron:mobile@work:9.6.0.2.11r
-
cpe:2.3:a:mobileiron:mobile@work:9.6.0.3.4r
-
cpe:2.3:a:mobileiron:mobile@work:9.7.0.0.95r
-
cpe:2.3:a:mobileiron:mobile@work:9.7.1.0.28r
-
cpe:2.3:a:mobileiron:mobile@work:9.7.1.1.2r
-
cpe:2.3:a:mobileiron:mobile@work:9.7.2
-
cpe:2.3:a:mobileiron:mobile@work:9.8