CVE-2017-4930

5.4MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Airwatch Console (awc)
Vendor: CVE Published:; 16 November 2017

Summary

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.

Affected Version(s)

VMware AirWatch Console (AWC) 9.x before 9.2.0

References

http://www.securitytracker.com/id/1039750

vdb-entryx_refsource_SECTRACK

https://www.vmware.com/us/security/advisories/VMSA-2017-0...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101772

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 16, 2017
Vulnerability Reserved
Dec 26, 2016

.