Lucene search
K

4 matches found

CVE
CVE
added 2020/01/08 3:29 p.m.88 views

CVE-2014-1409

MobileIron VSP before 5.9.1 and Sentry before 5.0 are affected by an authentication bypass via an XML file containing obfuscated passwords. The root cause is improper filtering of the j_username parameter in /mics/j_spring_security_check, enabling blind XPath injection to read XML config data. Ex...

9.1CVSS9.3AI score0.04049EPSS
Exploits3References3Affected Software1
seebug.org
seebug.org
added 2014/04/08 12:0 a.m.148 views

MobileIron VSP/Sentry 'j_username'参数XPath注入漏洞

Bugtraq ID:66595 CVE ID:CVE-2014-1409 MobileIron是一个虚拟智能终端平台,包含VSP,Sentry等组件。 MobileIron VSP/Sentry管理接口存在验证绕过漏洞,https://target/mics/jspringsecuritycheck中的脚本不正确过滤'jusername'参数,允许未验证攻击者进行XPath注入攻击,可获取XML文档数据,如配置文件等。 0 MobileIron VSP 5.9.1 MobileIron Sentry 5.0 MobileIron VSP 5.9.1和MobileIron Sentry...

9.1AI score0.04049EPSS
Exploits3
securityvulns
securityvulns
added 2014/04/07 12:0 a.m.101 views

[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP 5.9...

8.9AI score0.04049EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/04/02 12:0 a.m.108 views

MobileIron VSP / Sentry Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP...

3.7CVSS0.4AI score0.04049EPSS
Exploits4
Rows per page
Query Builder