Approved changes feed: RSS · Atom

cpe:2.3:a:mobileiron:mobile\@work:*:*:*:*:*:iphone_os:*:*

part: a version: * update: *

VendorMobileiron (6be1ac5b-ceca-5f20-bca1-c33c3b0ac3c6)
ProductMobile@Work (5823dd3d-861c-54ef-ab6e-b03b51e0cce8)
Edition*
Language*
Software edition*
Target softwareiphone_os
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-3391 vulnerable 2026-06-08 05:33:51.243628 Details available
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message
Published: 2021-03-29T19:37:09.000Z
Updated: 2024-08-03T16:53:17.425Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-35138 vulnerable 2026-06-08 05:25:00.852468 Details available
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. NOTE: It has been asserted that there is no causality or connection between credential encryption and the MiTM attack
Published: 2021-03-29T19:36:38.000Z
Updated: 2024-08-04T16:55:10.836Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-35137 vulnerable 2026-06-08 05:25:00.851943 Details available
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature.
Published: 2021-03-29T00:00:00.000Z
Updated: 2024-08-04T16:55:10.987Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.