Vulnerability: Command Injection in Ivanti MobileIron Core's 'install rpm url' Command

Vulnerability: Command Injection in Ivanti MobileIron Core's 'install rpm url' Command

CVE-2021-3198 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

Learn more about our Mobile App Penetration Testing.