The vulnerabilities include those of the MobileIron Core, a secure mobile gateway for managing the lifecycle of mobile devices and applications; the MobileIron Sentry, an application for data monitoring; the MobileIron Monitor and Reporting Database (RDB), an application for collecting data about devices and software; and the MobileIron Enterprise Connector, which is related to access control deficiencies, allowing attackers to execute arbitrary code.

🗓️ 01 Dec 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerabilities in MobileIron Core, Sentry, Monitor and Reporting Database, and Enterprise Connector enable remote code execution.

Reporter	Title	Published	Views	Family All 30
0day.today	MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution Exploit	27 Jan 202100:00	–	zdt
ICS	Potential for China Cyber Response to Heightened U.S.–China Tensions	20 Oct 202012:00	–	ics
ICS	APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations	24 Oct 202012:00	–	ics
ICS	Top Routinely Exploited Vulnerabilities	20 Aug 202112:00	–	ics
ATTACKERKB	CVE-2020-15505	7 Jul 202000:00	–	attackerkb
ATTACKERKB	CVE-2020-15506	7 Jul 202000:00	–	attackerkb
Circl	CVE-2020-15505	13 Oct 202006:50	–	circl
CISA KEV Catalog	Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability	3 Nov 202100:00	–	cisa_kev
Check Point Advisories	MobileIron Core And Connector Remote Code Execution (CVE-2020-15505)	21 Oct 202000:00	–	checkpoint_advisories
CVE	CVE-2020-15505	7 Jul 202001:43	–	cve

Vulners

Node

ivanti mobileiron_sentryRange≤9.7.2

OR

ivanti mobileiron_sentryMatch9.8.0

OR

ivanti mobileiron_monitor_and_reporting_database_(rdb)Range≤2.0.0.1

OR

ivanti ivanti_endpoint_manager_mobileRange<10.3.0.4

OR

ivanti ivanti_endpoint_manager_mobileRange10.4.0.0–10.4.0.4

OR

ivanti ivanti_endpoint_manager_mobileRange10.5.1.0–10.5.1.1

OR

ivanti ivanti_endpoint_manager_mobileRange10.5.2.0–10.5.2.1

OR

ivanti ivanti_endpoint_manager_mobileRange10.6.0.0–10.6.0.1

OR

ivanti mobileiron_enterprise_connectorRange<10.3.0.4

OR

ivanti mobileiron_enterprise_connectorRange10.4.0.0–10.4.0.4

OR

ivanti mobileiron_enterprise_connectorRange10.5.1.0–10.5.1.1

OR

ivanti mobileiron_enterprise_connectorRange10.5.2.0–10.5.2.1

OR

ivanti mobileiron_enterprise_connectorRange10.6.0.0–10.6.0.1

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
perchsecurity	www.perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
ivanti	www.ivanti.com/blog/mobileiron-security-updates-available
nvd	www.nvd.nist.gov/vuln/detail/cve-2020-15505
web	www.web.nvd.nist.gov/view/vuln/detail

01 Dec 2021 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 27.5

CVSS 39.8

EPSS0.94388

MobileIron Core MobileIron Sentry Monitor Database Enterprise Connector Access control flaws