Vulnerability identifier: #VU46745

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-15505

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 2

• January 23, 2021
  • MobileIron MDM Hessian-Based Java Deserialization RCE [Metasploit]
• September 16, 2020
  • CVE-2020-15505 (CVE-2020-15505: RCE on MobileIron MDM PoC) [Github]

Impact: Code execution

Vulnerable software:
Enterprise Connector
Client/Desktop applications / Other client software
Reporting Database (RDB)
Client/Desktop applications / Other client software
MobileIron Cloud
Client/Desktop applications / Other client software
Endpoint Manager Mobile (formerly MobileIron Core)
Server applications / IDS/IPS systems, Firewalls and proxy servers
MobileIron Sentry
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Ivanti