Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
MobileIron Remote Code Execution via LogService - Vulnerability Database

MobileIron Remote Code Execution via LogService

Description

A remote code execution vulnerability exists in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via the LogService.

Remediation

Upgrade to the latest version of MobileIron.

References

CVE-2020-15505
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
MobileIron Security Updates Available

Related Vulnerabilities

Check for apache versions up to 1.3.25, 2.0.38 High
Common tags: Code Execution
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) High
Common tags: Code Execution
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) High
Common tags: Code Execution
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) High
Common tags: Code Execution
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) High
Common tags: Code Execution

Severity

High

Classification

CVE-2020-15505
CWE-78
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution