CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-4951

HIGH
8.8
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile19.68th
Published2018年1月29日
Last Modified2024年11月21日

Vulnerability Description

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

Affected Platforms (CPE)

📦
Vmware

Airwatch

>= 9.1 and < 9.1.5
📦
Vmware

Airwatch

>= 9.2 and < 9.2.2

References & Advisories

🔗 http://www.securityfocus.com/bid/102849
🔗 http://www.securitytracker.com/id/1040288
🔗 https://www.vmware.com/security/advisories/VMSA-2018-0006.html
🔗 http://www.securityfocus.com/bid/102849
🔗 http://www.securitytracker.com/id/1040288
🔗 https://www.vmware.com/security/advisories/VMSA-2018-0006.html

関連する脆弱性情報

CVE-2018-696810.0

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code exec...

CVE-2017-48958.8

Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of t...

CVE-2017-49317.8

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious da...

CVE-2017-49327.8

VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the ...