CVE-2017-4930

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 46.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware AirwatchVmware Vmware Airwatch Console (awc)
Timeline
PublishedNov 16
Latest updateMay 17

Description

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5vmware/vmware_airwatch_console_(awc)9.x before 9.2.0
NVDvmware/airwatch9.0.09.2.0

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-962f-rw75-96pq: VMware AirWatch Console 92022-05-17
CVEList
CVE-2017-4930: VMware AirWatch Console 92017-11-16

💬Community

1
Bugzilla
CVE-2017-5660 trafficserver: Mishandled folded host header in MIME.cc can lead to incorrect upstream proxies being used2018-03-02
CVE-2017-4930 (MEDIUM CVSS 5.4) | VMware AirWatch Console 9.x prior t | cvebase.io