Vulnerabilities > Mobileiron > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-29 | CVE-2020-35138 | Use of Hard-coded Credentials vulnerability in Mobileiron Mobile@Work The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). | 9.8 |
2020-07-07 | CVE-2020-15505 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mobileiron products A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
2020-02-13 | CVE-2013-7287 | Inadequate Encryption Strength vulnerability in Mobileiron Sentry and Virtual Smartphone Platform MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. | 10.0 |