CVE-2017-4951 — Cross-Site Request Forgery in Vmware Airwatch

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 60.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Airwatch Vmware Airwatch Console

Timeline

PublishedJan 29

Latest updateMay 14

Description

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware/airwatch_console9.1.x before 9.1.5, 9.2.x before 9.2.2+1

▶NVDvmware/airwatch9.1 — 9.1.5+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-97q6-87j9-jw23: VMware AirWatch Console (9↗2022-05-14

▶

CVEList

CVE-2017-4951: VMware AirWatch Console (9↗2018-01-29

▶