CVE-2014-1409

Опубликовано: 08 янв. 2020

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords

Ссылки

http://seclists.org/fulldisclosure/2014/Apr/21
Exploit
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/92351
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/cve/CVE-2014-1409
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2014/Apr/21
Exploit
Mailing List
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/92351
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/cve/CVE-2014-1409
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mobileiron:virtual_smartphone_platform:*:*:*:*:*:*:*:*

Версия до 5.9.1 (исключая)

Конфигурация 2

cpe:2.3:a:mobileiron:sentry:*:*:*:*:*:*:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 44%

0.00217

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-91

Связанные уязвимости

GHSA-j67q-cq4q-rghp

github

больше 3 лет назад