VMware AirWatch Console Vulnerability for Users Handling Log Files
CVE-2017-4931

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Airwatch Console (awc)
Vendor: CVE Published:; 16 November 2017

What is CVE-2017-4931?

VMware AirWatch Console versions 9.x prior to 9.2.0 have a vulnerability that permits authenticated users to insert malicious data into the log files of an enrolled device. If this vulnerability is exploited, it may lead to the execution of harmful content when a user unknowingly opens a CSV file generated from the compromised logs. This poses significant security risks, highlighting the need for immediate updates to protect against such threats.

Affected Version(s)

VMware AirWatch Console (AWC) 9.x before 9.2.0

References

http://www.securitytracker.com/id/1039750

vdb-entryx_refsource_SECTRACK

https://www.vmware.com/us/security/advisories/VMSA-2017-0...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101772

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2017
Vulnerability Reserved
Dec 26, 2016

Vmware

What is CVE-2017-4931?

Affected Version(s)

References

CVSS V3.1

Timeline