{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T04:45:06.216","vulnerabilities":[{"cve":{"id":"CVE-2020-15505","sourceIdentifier":"cve@mitre.org","published":"2020-07-07T02:15:10.613","lastModified":"2025-11-07T19:32:10.727","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"Se presenta una vulnerabilidad de ejecución de código remoto en las versiones 10.3.0.3 y anteriores del MobileIron Core y Connector, versiones 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 y 10.6.0.0; y las versiones 9 del Sentry. 7.2 y anteriores, y versiones 9.8.0; y Monitor and Reporting Database (RDB) versión 2.0.0.1 y anteriores que permite a los atacantes remotos ejecutar código arbitrario a través de vectores no especificados"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-706"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3.0.4","matchCriteriaId":"85108795-4F9A-442D-AC89-7D7BD789CDE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*","versionStartIncluding":"10.4.0.0","versionEndExcluding":"10.4.0.4","matchCriteriaId":"435C14AB-8E82-4960-9707-029E78F05B7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.1.0","versionEndExcluding":"10.5.1.1","matchCriteriaId":"42F33D03-891D-441E-9791-C30C6ACDFF52"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.2.0","versionEndExcluding":"10.5.2.1","matchCriteriaId":"ACF97F92-1F87-4999-8C2F-931FABBA808C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0.0","versionEndExcluding":"10.6.0.1","matchCriteriaId":"224FABD4-3BEB-4B43-A56F-FDC0DB4F4A6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:enterprise_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"10.3.0.4","matchCriteriaId":"8EAE4F4A-3367-478C-847B-874F5478A88C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:enterprise_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"10.4.0.0","versionEndExcluding":"10.4.0.4","matchCriteriaId":"E35CE2A3-27E9-4A07-B955-8566B282AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:enterprise_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.1.0","versionEndExcluding":"10.5.1.1","matchCriteriaId":"D14ACC79-D792-4D49-9614-08D498663C89"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:enterprise_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.2.0","versionEndExcluding":"10.5.2.1","matchCriteriaId":"E96AFC4F-59A2-48C6-A19B-37C409665A6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:enterprise_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0.0","versionEndExcluding":"10.6.0.1","matchCriteriaId":"3B882EB7-EF53-41A9-9C6F-206F29344BC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:monitor_and_reporting_database:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0.2","matchCriteriaId":"01885369-CE7E-40E3-903A-F7D4B123F0FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*","versionStartIncluding":"9.7.0","versionEndExcluding":"9.7.3","matchCriteriaId":"89E6B0D3-880D-4159-BF43-0103AC305969"},{"vulnerable":true,"criteria":"cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*","versionStartIncluding":"9.8.0","versionEndExcluding":"9.8.1","matchCriteriaId":"B3AE2420-9714-456E-81DC-2464B92C1ED8"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://cwe.mitre.org/data/definitions/41.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.mobileiron.com/en/blog/mobileiron-security-updates-available","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.mobileiron.com/en/blog/mobileiron-security-updates-available","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/161097/MobileIron-MDM-Hessian-Based-Java-Deserialization-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://cwe.mitre.org/data/definitions/41.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.mobileiron.com/en/blog/mobileiron-security-updates-available","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.mobileiron.com/en/blog/mobileiron-security-updates-available","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-15505","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}