CVE-2017-4951
published 2018-01-29CVE-2017-4951: VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | airwatch | >= 9.1 < 9.1.5 | 9.1.5 |
| vmware | airwatch | >= 9.2 < 9.2.2 | 9.2.2 |
| vmware | airwatch_console | — | — |
| vmware | airwatch_console | — | — |
| vmware | vmware_vrealize | — | — |
| vmware | vmware_vsphere | — | — |