20 matches found
EUVD-2014-5790
Malware in sbrugna...
EUVD-2014-5819
Malware in sbrugna...
Absolute Secure Access 安全漏洞
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in Absolute Secure Access versions prior to 13.56 that stems from a privilege bypass that could result in overriding poli...
Absolute Secure Access 安全漏洞
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.56 that stems from a privilege bypass that could lead to improper reading ...
CVE-2021-3391
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message...
Hardcoded credentials
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...
Code injection
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message...
CVE-2021-3391
CVE-2021-3391 affects MobileIron Mobile@Work up to 2021-03-22. The vulnerability enables an attacker to distinguish valid, disabled, and nonexistent user accounts by measuring the number of failed login attempts required to trigger a Lockout message, effectively enabling account enumeration. The ...
CVE-2020-35137
CVE-2020-35137 concerns MobileIron agents for Android and iOS (through 2021-03-22) that hardcode an API key in com/mobileiron/registration/RegisterActivity.java. This key is used to reach the SaaS discovery API via api/v1/gateway/customers/servers. The feature is opt-in and not enabled by default...
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work aka com.mobileiron. The key is in com/mobileiron/registration/RegisterActivity.java and can be used for...
MobileIron Mobile@Work 安全漏洞
MobileIron Mobile@Work is an application from MobileIron USA, Inc. for iOS devices to securely connect to the corporate network so you can easily access email and other work resources. MobileIron Mobile@Work through 2021-03-22 A security vulnerability exists that allows an attacker to distinguish...
Mobile@Work - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Mobile@Work published at the 'play' market has multiple vulnerabilities...
CVE-2014-5932
The Vodafone Mobile@Work aka com.mobileiron.vodafone.MIClient application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Vodafone Mobile@Work aka com.mobileiron.vodafone.MIClient application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5932
The Vodafone Mobile@Work aka com.mobileiron.vodafone.MIClient application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5932
CVE-2014-5932 affects the Vodafone Mobile@Work (com.mobileiron.vodafone.MIClient) Android app (version 6.0.0.1.12R). The root issue is that the client does not verify X.509 certificates from SSL servers, which permits man-in-the-middle attackers to spoof servers and obtain sensitive information v...
CVE-2014-5903
The Mobile@Work aka com.mobileiron application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Mobile@Work aka com.mobileiron application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5903
The Mobile@Work aka com.mobileiron application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5903
The CVE-2014-5903 entry describes a vulnerability in the Mobile@Work (com.mobileiron) Android app version 6.0.0.1.12R where the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and disclose sensitive information via a crafted certifica...