Skip to main content

Cloud CVE-2020-15506

CRITICAL
2020-07-07 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 07, 2020 - 02:15 nvd
CRITICAL 9.8

DescriptionNVD

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.

AnalysisAI

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors. Affected products include: Mobileiron Cloud, Mobileiron Core, Mobileiron Enterprise Connector, Mobileiron Reporting Database, Mobileiron Sentry.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cloud

View all
CVE-2023-46214 HIGH POC
8.8 Nov 16

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet la

CVE-2018-14417 CRITICAL POC
9.8 Aug 04

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. Rated criti

CVE-2023-22951 HIGH POC
8.8 Apr 13

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2014-3476 MEDIUM POC
6.0 Jun 17

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle c

CVE-2019-9945 CRITICAL
9.8 Mar 23

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2025-11919 CRITICAL
9.6 Jun 26

Code execution against the shared multi-tenant Java runtime in Wolfram Cloud 14.2 is possible because the default JVM re

CVE-2023-22949 MEDIUM POC
4.9 Apr 14

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability

CVE-2013-4365 HIGH
7.5 Oct 17

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3

CVE-2023-32764 HIGH
7.8 Aug 03

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Rated hig

CVE-2024-36982 HIGH
7.5 Jul 01

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9

CVE-2023-42578 HIGH
7.5 Dec 05

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.

CVE-2022-33713 HIGH
7.5 Jul 12

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive informa

Share

CVE-2020-15506 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy