CVE-2017-4931

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 55.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware AirwatchVmware Vmware Airwatch Console (awc)
Timeline
PublishedNov 16
Latest updateMay 17

Description

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5vmware/vmware_airwatch_console_(awc)9.x before 9.2.0
NVDvmware/airwatch9.0.09.2.0

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-cfcx-vfw6-mfjv: VMware AirWatch Console 92022-05-17
CVEList
CVE-2017-4931: VMware AirWatch Console 92017-11-16
CVE-2017-4931 (HIGH CVSS 7.8) | VMware AirWatch Console 9.x prior t | cvebase.io