A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Core | Mobileiron | * | 10.3.0.4 (excluding) |
| Core | Mobileiron | 10.4.0.0 (including) | 10.4.0.4 (excluding) |
| Core | Mobileiron | 10.5.1.0 (including) | 10.5.1.1 (excluding) |
| Core | Mobileiron | 10.5.2.0 (including) | 10.5.2.1 (excluding) |
| Core | Mobileiron | 10.6.0.0 (including) | 10.6.0.1 (excluding) |
| Enterprise_connector | Mobileiron | * | 10.3.0.4 (excluding) |
| Enterprise_connector | Mobileiron | 10.4.0.0 (including) | 10.4.0.4 (excluding) |
| Enterprise_connector | Mobileiron | 10.5.1.0 (including) | 10.5.1.1 (excluding) |
| Enterprise_connector | Mobileiron | 10.5.2.0 (including) | 10.5.2.1 (excluding) |
| Enterprise_connector | Mobileiron | 10.6.0.0 (including) | 10.6.0.1 (excluding) |
| Monitor_and_reporting_database | Mobileiron | * | 2.0.0.2 (excluding) |
| Sentry | Mobileiron | 9.7.0 (including) | 9.7.3 (excluding) |
| Sentry | Mobileiron | 9.8.0 (including) | 9.8.1 (excluding) |