4 matches found
CVE-2014-1409
MobileIron VSP before 5.9.1 and Sentry before 5.0 are affected by an authentication bypass via an XML file containing obfuscated passwords. The root cause is improper filtering of the j_username parameter in /mics/j_spring_security_check, enabling blind XPath injection to read XML config data. Ex...
MobileIron VSP/Sentry 'j_username'参数XPath注入漏洞
Bugtraq ID:66595 CVE ID:CVE-2014-1409 MobileIron是一个虚拟智能终端平台,包含VSP,Sentry等组件。 MobileIron VSP/Sentry管理接口存在验证绕过漏洞,https://target/mics/jspringsecuritycheck中的脚本不正确过滤'jusername'参数,允许未验证攻击者进行XPath注入攻击,可获取XML文档数据,如配置文件等。 0 MobileIron VSP 5.9.1 MobileIron Sentry 5.0 MobileIron VSP 5.9.1和MobileIron Sentry...
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP 5.9...
MobileIron VSP / Sentry Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP...