CyberSec.Space Logo
Back to CVE Browser

CVE-2017-4951

HIGH
8.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile19.68th
PublishedJan 29, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

Affected Platforms (CPE)

πŸ“¦
Vmware

Airwatch

>= 9.1 and < 9.1.5
πŸ“¦
Vmware

Airwatch

>= 9.2 and < 9.2.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/102849
πŸ”— http://www.securitytracker.com/id/1040288
πŸ”— https://www.vmware.com/security/advisories/VMSA-2018-0006.html
πŸ”— http://www.securityfocus.com/bid/102849
πŸ”— http://www.securitytracker.com/id/1040288
πŸ”— https://www.vmware.com/security/advisories/VMSA-2018-0006.html

Related Vulnerabilities

CVE-2018-696810.0

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code exec...

CVE-2017-48958.8

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of t...

CVE-2017-49317.8

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious da...

CVE-2017-49327.8

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the ...