CVE-2017-4931

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Airwatch Console (awc)
Vendor: CVE Published:; 16 November 2017

Summary

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.

Affected Version(s)

VMware AirWatch Console (AWC) 9.x before 9.2.0

References

http://www.securitytracker.com/id/1039750

vdb-entryx_refsource_SECTRACK

https://www.vmware.com/us/security/advisories/VMSA-2017-0...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101772

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2017
Vulnerability Reserved
Dec 26, 2016

.