logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2020-35137

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2020-35137

Description:
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature.
Last updated date:
08/04/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
03/03/2023
Reference url to background

https://github.com/optiv/rustyIron

Type:
exploit
Confidence:
HIGH
Date of publishing:
03/03/2023
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy