Vulnerabilities > Mobileiron > Mobile Work > 9.6.0.3.4r
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-29 | CVE-2021-3391 | Unspecified vulnerability in Mobileiron Mobile@Work MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message | 5.0 |
| 2021-03-29 | CVE-2020-35138 | Use of Hard-coded Credentials vulnerability in Mobileiron Mobile@Work The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). | 9.8 |
| 2021-03-29 | CVE-2020-35137 | Use of Hard-coded Credentials vulnerability in Mobileiron Mobile@Work The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). | 7.5 |