CVE-2020-15505

CRITICAL KEV NUCLEI

MobileIron MDM Hessian-Based Java Deserialization RCE

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2020-15505 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including Orange Tsai, rootxharsh, iamnoooob, wvu, including a Metasploit module exploits/linux/http/mobileiron_mdm_hessian_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including CVE-2020-15505 (MobileIron MDM RCE via deserialization), CVE-2021-21307 (Lucee Admin RCE), CVE-2021-22986 (F5 BIG-IP RCE), CVE-2021-26084 (Confluence RCE), and CVE-2021-41349 (Microsoft Exchange XSS). The exploits are well-documented with clear steps and references.

Description

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

vulncheck_xdb WORKING POC
remote
https://github.com/httpvoid/CVE-Reverse

This repository contains functional exploit code for multiple CVEs, including CVE-2020-15505 (MobileIron MDM RCE via deserialization), CVE-2021-21307 (Lucee Admin RCE), CVE-2021-22986 (F5 BIG-IP RCE), CVE-2021-26084 (Confluence RCE), and CVE-2021-41349 (Microsoft Exchange XSS). The exploits are well-documented with clear steps and references.

Classification
Working Poc 95%
Attack Type
Rce, Xss, Deserialization
Complexity
Moderate
Reliability
Reliable
Target: MobileIron MDM, Lucee Admin, F5 BIG-IP, Atlassian Confluence, Microsoft Exchange
No auth needed
Prerequisites: Access to target endpoints · External tools like marshalsec for payload generation
devstral-2 · analyzed Feb 25, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Orange Tsai, rootxharsh, iamnoooob, wvu · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/mobileiron_mdm_hessian_rce.rb

This Metasploit module exploits CVE-2020-15505, a Java deserialization vulnerability in MobileIron MDM products via a Hessian-based endpoint. It bypasses ACLs to execute arbitrary commands using a Groovy gadget.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MobileIron MDM (multiple versions)
No auth needed
Prerequisites: Network access to the target · Hessian endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution
CRITICALby dwisiswant0

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.9439
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-10-20
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-7497
CWE
CWE-706
Status published
Products (4)
mobileiron/core < 10.3.0.4
mobileiron/enterprise_connector < 10.3.0.4
mobileiron/monitor_and_reporting_database < 2.0.0.2
mobileiron/sentry 9.7.0 - 9.7.3
Published Jul 07, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026