Mobile@work Security Vulnerabilities and Issues — Mobile@work CVE List

Lucene search

MobileironMobile@work

4 matches found

CVE•added 2021/03/29 8:15 p.m.•35 views

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.j...

9.8CVSS8.9AI score0.00217EPSS

CVE•added 2021/03/29 8:15 p.m.•32 views

CVE-2021-3391

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message

5.3CVSS5.3AI score0.00362EPSS

CVE•added 2021/03/29 8:15 p.m.•30 views

CVE-2020-35137

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gatew...

7.5CVSS7.1AI score0.0045EPSS

CVE•added 2014/09/15 2:55 p.m.•25 views

CVE-2014-5903

The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4CVSS6AI score0.00036EPSS