WEB APPLICATION VULNERABILITIES Standard & Premium

MobileIron Remote Code Execution via LogService

Description

A remote code execution vulnerability exists in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via the LogService.

Remediation

Upgrade to the latest version of MobileIron.

References

How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM

MobileIron Security Updates Available

Related Vulnerabilities

WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

SAP NetWeaver ConfigServlet remote command execution

Severity

High

Classification

CVE-2020-15505 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution