Broken Access Control in VMware AirWatch Console
CVE-2017-4942

4.9MEDIUM

Key Information:

Vendor: Vmware
Status: Airwatch Console
Vendor: CVE Published:; 13 December 2017

What is CVE-2017-4942?

The VMware AirWatch Console (AWC) suffers from a Broken Access Control vulnerability that may allow unauthorized administrators to access sensitive end-user device details. This flaw can facilitate potential data exposure, compromising the confidentiality of devices managed through the platform. To mitigate risks associated with this vulnerability, it is essential for users and administrators to apply the necessary security patches and remain aware of the best practices for access control.

Affected Version(s)

Airwatch Console Any

References

https://www.vmware.com/security/advisories/VMSA-2017-0020...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040003

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/102171

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2017
Vulnerability Reserved
Dec 26, 2016

Vmware

What is CVE-2017-4942?

Affected Version(s)

References

CVSS V3.1

Timeline