Alert IDs:
- 20929d84-89ef-41df-804b-d66c9d9083e9
- 37af4648-e494-4f75-b29c-6a4e01729a4b
- 7384e09b-b6be-4c82-bd79-fa407112d4cc
- e1fc4670-6874-4f14-8603-0f07b4312c9d
- fee7f0e0-f85a-45a7-b073-b7f09dfa27c3
Vulnerabilities in core
Release: 1.0.125
Total Vulnerabilities: 5
1. CVE-2020-15506
Severity: CRITICAL (Score: 9.8)
Description:
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15506
Alert ID: 20929d84-89ef-41df-804b-d66c9d9083e9
2. CVE-2020-15507
Severity: HIGH (Score: 7.5)
Description:
An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15507
Alert ID: 37af4648-e494-4f75-b29c-6a4e01729a4b
3. CVE-2023-5192
Severity: MEDIUM (Score: 6.5)
Description:
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-5192
Alert ID: 7384e09b-b6be-4c82-bd79-fa407112d4cc
4. CVE-2020-15505
Severity: CRITICAL (Score: 9.8)
Description:
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15505
Alert ID: e1fc4670-6874-4f14-8603-0f07b4312c9d
5. CVE-2020-15235
Severity: HIGH (Score: 7.5)
Description:
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15235
Alert ID: fee7f0e0-f85a-45a7-b073-b7f09dfa27c3