CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-15505

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score56.0030%
EPSS Percentile88.56th
Published2020年7月7日
Last Modified2025年11月7日

Vulnerability Description

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

Affected Platforms (CPE)

📦
Mobileiron

Core

< 10.3.0.4
📦
Mobileiron

Core

>= 10.4.0.0 and < 10.4.0.4
📦
Mobileiron

Core

>= 10.5.1.0 and < 10.5.1.1
📦
Mobileiron

Core

>= 10.5.2.0 and < 10.5.2.1
📦
Mobileiron

Core

>= 10.6.0.0 and < 10.6.0.1
📦
Mobileiron

Enterprise Connector

< 10.3.0.4
📦
Mobileiron

Enterprise Connector

>= 10.4.0.0 and < 10.4.0.4
📦
Mobileiron

Enterprise Connector

>= 10.5.1.0 and < 10.5.1.1
📦
Mobileiron

Enterprise Connector

>= 10.5.2.0 and < 10.5.2.1
📦
Mobileiron

Enterprise Connector

>= 10.6.0.0 and < 10.6.0.1
📦
Mobileiron

Monitor And Reporting Database

< 2.0.0.2
📦
Mobileiron

Sentry

>= 9.7.0 and < 9.7.3
📦
Mobileiron

Sentry

>= 9.8.0 and < 9.8.1

References & Advisories

🔗 http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
🔗 https://cwe.mitre.org/data/definitions/41.html
🔗 https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/
🔗 https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
🔗 https://www.mobileiron.com/en/blog/mobileiron-security-updates-available
🔗 http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html
🔗 https://cwe.mitre.org/data/definitions/41.html
🔗 https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/

相关漏洞威胁

CVE-1999-129310.0

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which cause...

CVE-1999-108610.0

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrat...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2001-014410.0

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client...