#VU46746 Information disclosure in Ivanti products - CVE-2020-15507
Published: September 16, 2020
Vulnerability identifier: #VU46746
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15507
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Enterprise Connector
Reporting Database (RDB)
MobileIron Cloud
Endpoint Manager Mobile (formerly MobileIron Core)
MobileIron Sentry
Enterprise Connector
Reporting Database (RDB)
MobileIron Cloud
Endpoint Manager Mobile (formerly MobileIron Core)
MobileIron Sentry
Software vendor:
Ivanti
Ivanti
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can read files on the system via unspecified vectors.
Remediation
Install updates from vendor's website.