CVE-2013-7287
Ivanti MobileIron Sentry vulnerability analysis and mitigation

Overview

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 contain an insecure encryption scheme vulnerability identified as CVE-2013-7287. The vulnerability was discovered during a security assessment and was publicly disclosed in December 2013 (Mailing List).

Technical details

The vulnerability stems from the implementation of an insecure encryption scheme in MobileIron's products. The system uses AES-ECB-PKCS1.5 with a known, shared key for encryption, which is fundamentally insecure. This vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).
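The ECB part of the scheme described above can be audited on stored ciphertext without any key, because ECB encrypts equal plaintext blocks to equal ciphertext blocks and repeated 16-byte aligned blocks give it away. The following is an added example, not MobileIron's code or code from the advisory; `toy_ecb` and `toy_chained` are hypothetical keyed-hash stand-ins (not AES) used only to build constructed sample data for the detector.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # AES block size in bytes


def repeated_blocks(ciphertext: bytes) -> dict:
    """Return each 16-byte aligned block that occurs more than once, with its count."""
    if len(ciphertext) % BLOCK:
        raise ValueError("length is not a multiple of the AES block size")
    blocks = Counter(ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK))
    return {blk: n for blk, n in blocks.items() if n > 1}


def looks_like_ecb(ciphertext: bytes) -> bool:
    """Flag ciphertext in which any aligned block repeats."""
    return bool(repeated_blocks(ciphertext))


# Constructed stand-ins below: NOT AES and NOT the product's scheme (assumption).
def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def toy_ecb(key: bytes, plaintext: bytes) -> bytes:
    """Transform every block independently under one key, as ECB does."""
    chunks = (plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK))
    return b"".join(_prf(key, c) for c in chunks)


def toy_chained(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Make each block depend on a nonce and the previous output, as chained modes do."""
    out, prev = [], nonce
    for i in range(0, len(plaintext), BLOCK):
        prev = _prf(key, prev + plaintext[i:i + BLOCK])
        out.append(prev)
    return b"".join(out)


# Constructed sample: four 16-byte blocks, the first three identical.
SAMPLE = b"password=hunter2" * 3 + b"user=alice      "
KEY = b"constructed-demo-key"
```

A clean result from this check does not prove a scheme is safe: data without repeated plaintext blocks shows no repeats, and the known, shared key is a separate flaw that no ciphertext inspection reveals.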

Impact

The vulnerability could allow attackers to decrypt sensitive information stored in the system. Due to the use of a known, shared encryption key, any encrypted data within the affected versions could be compromised, potentially exposing sensitive organizational data (Mailing List).

Mitigation and workarounds

The vendor has addressed this vulnerability by implementing a stronger encryption method in version 5.7 and later releases. Organizations should upgrade VSP to version 5.9.1 or later, and Sentry to version 5.0 or later to mitigate this vulnerability (Mailing List).

This report was generated using AI.

Related Ivanti MobileIron Sentry vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2023-38035 | CRITICAL | 9.8 | Ivanti MobileIron Sentry | cpe:2.3:a:ivanti:mobileiron_sentry | Yes | Yes | Aug 21, 2023 |
| CVE-2020-15506 | CRITICAL | 9.8 | NixOS | core | No | Yes | Jul 07, 2020 |
| CVE-2020-15505 | CRITICAL | 9.8 | NixOS | core | Yes | Yes | Jul 07, 2020 |
| CVE-2023-41724 | HIGH | 8.8 | Ivanti MobileIron Sentry | cpe:2.3:a:ivanti:mobileiron_sentry | No | Yes | Mar 31, 2024 |
| CVE-2020-15507 | HIGH | 7.5 | NixOS | cpe:2.3:a:mobileiron:sentry | No | Yes | Jul 07, 2020 |
