Vulnerabilities > Mobileiron

DATE CVE VULNERABILITY TITLE RISK
2021-03-29 CVE-2021-3391 Unspecified vulnerability in Mobileiron Mobile@Work
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message
network
low complexity
mobileiron
5.0
2021-03-29 CVE-2020-35138 Use of Hard-coded Credentials vulnerability in Mobileiron Mobile@Work
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron).
network
low complexity
mobileiron CWE-798
critical
9.8
2021-03-29 CVE-2020-35137 Use of Hard-coded Credentials vulnerability in Mobileiron Mobile@Work
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron).
network
low complexity
mobileiron CWE-798
7.5
2020-07-07 CVE-2020-15507 Information Exposure vulnerability in Mobileiron products
An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.
network
low complexity
mobileiron CWE-200
5.0
2020-07-07 CVE-2020-15506 Improper Authentication vulnerability in Mobileiron products
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
network
low complexity
mobileiron CWE-287
7.5
2020-07-07 CVE-2020-15505 Use of Incorrectly-Resolved Name or Reference vulnerability in Mobileiron products
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
mobileiron CWE-706
critical
9.8
2020-02-13 CVE-2013-7287 Inadequate Encryption Strength vulnerability in Mobileiron Sentry and Virtual Smartphone Platform
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
network
low complexity
mobileiron CWE-326
critical
10.0
2020-01-08 CVE-2014-1409 XML Injection (aka Blind XPath Injection) vulnerability in Mobileiron Sentry and Virtual Smartphone Platform
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
network
low complexity
mobileiron CWE-91
6.4
2014-09-15 CVE-2014-5903 Cryptographic Issues vulnerability in Mobileiron Mobile@Work 6.0.0.1.12R
The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4