CVE-2020-15505
CRITICAL KEV NUCLEI
MobileIron MDM Hessian-Based Java Deserialization RCE
Title source: metasploit
Description
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
Exploits (2)
metasploit
WORKING POC
EXCELLENT
by Orange Tsai, rootxharsh, iamnoooob, wvu · ruby poc unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/mobileiron_mdm_hessian_rce.rb
Nuclei Templates (1)
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
CRITICAL by dwisiswant0
References (5)
Scores
CVSS v3: 9.8
EPSS: 0.9439
EPSS Percentile: 100.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2021-11-03
VulnCheck KEV: 2020-10-20
InTheWild.io: 2021-07-23
ENISA EUVD: EUVD-2020-7497
CWE: CWE-706
Status: published
Products (4)
mobileiron/core: < 10.3.0.4
mobileiron/enterprise_connector: < 10.3.0.4
mobileiron/monitor_and_reporting_database: < 2.0.0.2
mobileiron/sentry: 9.7.0 - 9.7.3
Published: Jul 07, 2020
KEV Added: Nov 03, 2021
Tracked Since: Feb 18, 2026