Description

A remote code execution vulnerability exists in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via the LogService.

Remediation

Upgrade to the latest version of MobileIron.

References

CVE-2020-15505

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

MobileIron Security Updates Available

Related Vulnerabilities

JBoss Seam framework remote code execution

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)

GhostScript RCE (Remote Code Execution)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10)

Horde remote code execution

Severity

High

Classification

CVE-2020-15505 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution