Mobileiron Mobile@work — known CVE vulnerabilities
Every CVE whose affected-product data names Mobileiron Mobile@work, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-35138 — CVSS 9.8 (critical): The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of…
CVE-2020-35137 — CVSS 7.5 (high): The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS…
CVE-2014-5903 — CVSS 5.4 (medium): The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows…
CVE-2021-3391 — CVSS 5.3 (medium): MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing…