← Back to CVE List

CVE-2020-35137

Published: 2021-03-29T20:15Z
Last Modified: 2024-11-21T05:26Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt