Vulnerability Description
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mobileiron | Virtual Smartphone Platform | < 5.9.1 |
| Mobileiron | Sentry | < 5.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/21ExploitMailing ListThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92351Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2014-1409Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2014/Apr/21ExploitMailing ListThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92351Third Party AdvisoryVDB Entry
- https://packetstormsecurity.com/files/cve/CVE-2014-1409Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-1409?
CVE-2014-1409 is a vulnerability with a CVSS score of 9.1 (CRITICAL). MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
How severe is CVE-2014-1409?
CVE-2014-1409 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-1409?
Check the references section above for vendor advisories and patch information. Affected products include: Mobileiron Virtual Smartphone Platform, Mobileiron Sentry.