What is CVE-2020-35137?

CVE-2020-35137 is a vulnerability found in the MobileIron agents for Android and iOS.

What is the severity of CVE-2020-35137?

CVE-2020-35137 has a severity score of 7.5 (High).

How does CVE-2020-35137 affect Mobile@Work?

CVE-2020-35137 affects Mobile@Work, also known as com.mobileiron.

Is CVE-2020-35137 a disputed vulnerability?

Yes, CVE-2020-35137 is a disputed vulnerability.

Are there any fixes or mitigations available for CVE-2020-35137?

It is recommended to update the MobileIron agents to the latest version to mitigate the CVE-2020-35137 vulnerability.

Vulnerability/
CVE-2020-35137

high

7.5

CWE

798

29/3/2021

4/8/2024

CVE-2020-35137

First published: Mon Mar 29 2021(Updated: )

** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mobileiron Mobile\@work	<=2021-03-22
	<=2021-03-22
Mobileiron Mobile\@work	<=2021-03-22

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-35137?
CVE-2020-35137 is a vulnerability found in the MobileIron agents for Android and iOS.
What is the severity of CVE-2020-35137?
CVE-2020-35137 has a severity score of 7.5 (High).
How does CVE-2020-35137 affect Mobile@Work?
CVE-2020-35137 affects Mobile@Work, also known as com.mobileiron.
Is CVE-2020-35137 a disputed vulnerability?
Yes, CVE-2020-35137 is a disputed vulnerability.
Are there any fixes or mitigations available for CVE-2020-35137?
It is recommended to update the MobileIron agents to the latest version to mitigate the CVE-2020-35137 vulnerability.

collector/nvd-index
agent/type
agent/first-publish-date
agent/severity
agent/weakness
agent/references
agent/author
agent/status
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
collector/mitre-cve
source/MITRE
status/disputed
vendor/mobileiron
canonical/mobileiron mobile\@work
version/mobileiron mobile\@work/2021-03-22

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.