CVE-2020-15506
published 2020-07-07CVE-2020-15506: An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.82%
84.8th percentile
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mobileiron | cloud | <= 10.6 | — |
| mobileiron | core | <= 10.6 | — |
| mobileiron | enterprise_connector | <= 10.6 | — |
| mobileiron | reporting_database | <= 10.6 | — |
| mobileiron | sentry | <= 10.6 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-79pv-hv79-f9hf: MobileIron Core and Connector before 10
ghsa_unreviewed·2022-05-24
CVE-2020-15506 [HIGH] CWE-287 GHSA-79pv-hv79-f9hf: MobileIron Core and Connector before 10
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
Ivanti
Ivanti Security Advisory: CVE-2020-15506
vendor_ivanti·2020-07-07·CVSS 9.8
CVE-2020-15506 [CRITICAL] Ivanti Security Advisory: CVE-2020-15506
Ivanti Security Advisory: CVE-2020-15506
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE IDs: CVE-2020-15506
CVSS Base Score: 9.8
Severity: CRITICAL
No detection rules found.
No public exploits indexed.
Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
blogs_unit42·2022-07-21·CVSS 9.8
CVE-2017-5638 [CRITICAL] Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
Threat Research Center
Trend Reports
Vulnerabilities
## Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
Unit 42
Published: July 21, 2022
Trend Reports
Vulnerabilities
Apache Log4j
CVE-2017-5638
CVE-2017-9841
CVE-2018-19986
CVE-2019-02320
CVE-2019-19597
CVE-2019-9082
CVE-2020-14882
CVE-2020-14883
CVE-2020-15505
CVE-2020-15506
CVE-2020-25078
CVE-2020-5902
CVE-2021-21315
CVE-2021-22986
CVE-2021-26855
CVE-2021-31805
CVE-2021-34473
CVE-2021-35464
CVE-2021-38647
CVE-2021-40438
CVE-2021-40539
CVE-2021-41773
CVE-2021-42013
CVE-2021-44228
CVE-2021-45046
CVE-2022-22963
CVE-2022-22965
Network security trends
Unit 42 Network Threat Trends Research Report
## Executive Summary
Tens of thousands of vulnerabilities are repo
Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
blogs_unit42·2022-07-21·CVSS 9.8
[CRITICAL] Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
## Executive Summary
Tens of thousands of vulnerabilities are reported every year, but not all are used by threat actors in real-world attacks. There are many reasons for this: a proof of concept (PoC) may not be available for attackers to weaponize, it may be too difficult to exploit the vulnerability, there may be a lack of accessible vulnerable software on the internet, or attackers may simply deem a vulnerability not worth exploiting due to low impact. Real-world defenders need real-world data on which vulnerabilities attackers are choosing to exploit – and where to focus protections.
In the 2022 Unit 42 Network Threat Trends Research Report, we’ve used data captured by the Palo Alto Networks Advanced Threat Prevention security service on Next-Generation Firewall and Prisma SASE from
2020-07-07
Published