Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for AirWatch Console by VMware

    CVE-2017-4951 (GCVE-0-2017-4951)

    Vulnerability from nvd – Published: 2018-01-29 16:00 – Updated: 2024-09-16 20:03
    VLAI
    Summary
    VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Request Forgery
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040288 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102849 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    VMware AirWatch Console Affected: 9.2.x before 9.2.2
    Affected: 9.1.x before 9.1.5
    Create a notification for this product.
    Date Public
    2018-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:44.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
              },
              {
                "name": "1040288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040288"
              },
              {
                "name": "102849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102849"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirWatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2.x before 9.2.2"
                },
                {
                  "status": "affected",
                  "version": "9.1.x before 9.1.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-31T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
            },
            {
              "name": "1040288",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040288"
            },
            {
              "name": "102849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102849"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2018-01-26T00:00:00",
              "ID": "CVE-2017-4951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirWatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.2.x before 9.2.2"
                              },
                              {
                                "version_value": "9.1.x before 9.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
                },
                {
                  "name": "1040288",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040288"
                },
                {
                  "name": "102849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102849"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4951",
        "datePublished": "2018-01-29T16:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:03:05.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4942 (GCVE-0-2017-4942)

    Vulnerability from nvd – Published: 2017-12-13 02:00 – Updated: 2024-09-16 17:58
    VLAI
    Summary
    VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
    Severity
    No CVSS data available.
    CWE
    • Broken Access Control
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040003 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102171 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:43.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
              },
              {
                "name": "1040003",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040003"
              },
              {
                "name": "102171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Airwatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "Any"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Broken Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-14T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
            },
            {
              "name": "1040003",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040003"
            },
            {
              "name": "102171",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-4942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Airwatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Any"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Broken Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
                },
                {
                  "name": "1040003",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040003"
                },
                {
                  "name": "102171",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4942",
        "datePublished": "2017-12-13T02:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:58:52.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4896 (GCVE-0-2017-4896)

    Vulnerability from nvd – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
    Severity
    No CVSS data available.
    CWE
    • Encyption bypass
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/95889 vdb-entryx_refsource_BID
    http://www.vmware.com/us/security/advisories/VMSA… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1037738 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95889"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
              },
              {
                "name": "1037738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Airwatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "x.x"
                }
              ]
            },
            {
              "product": "Airwatch Inbox",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "x.x"
                }
              ]
            }
          ],
          "datePublic": "2017-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Encyption bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T12:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "95889",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95889"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
            },
            {
              "name": "1037738",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Airwatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Airwatch Inbox",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "x.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Encyption bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95889",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95889"
                },
                {
                  "name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
                },
                {
                  "name": "1037738",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4896",
        "datePublished": "2017-05-10T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4951 (GCVE-0-2017-4951)

    Vulnerability from cvelistv5 – Published: 2018-01-29 16:00 – Updated: 2024-09-16 20:03
    VLAI
    Summary
    VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Request Forgery
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040288 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102849 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    VMware AirWatch Console Affected: 9.2.x before 9.2.2
    Affected: 9.1.x before 9.1.5
    Create a notification for this product.
    Date Public
    2018-01-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:44.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
              },
              {
                "name": "1040288",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040288"
              },
              {
                "name": "102849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102849"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirWatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.2.x before 9.2.2"
                },
                {
                  "status": "affected",
                  "version": "9.1.x before 9.1.5"
                }
              ]
            }
          ],
          "datePublic": "2018-01-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-31T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
            },
            {
              "name": "1040288",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040288"
            },
            {
              "name": "102849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102849"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2018-01-26T00:00:00",
              "ID": "CVE-2017-4951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirWatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.2.x before 9.2.2"
                              },
                              {
                                "version_value": "9.1.x before 9.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2018-0006.html"
                },
                {
                  "name": "1040288",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040288"
                },
                {
                  "name": "102849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102849"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4951",
        "datePublished": "2018-01-29T16:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:03:05.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4942 (GCVE-0-2017-4942)

    Vulnerability from cvelistv5 – Published: 2017-12-13 02:00 – Updated: 2024-09-16 17:58
    VLAI
    Summary
    VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
    Severity
    No CVSS data available.
    CWE
    • Broken Access Control
    Assigner
    References
    URL Tags
    https://www.vmware.com/security/advisories/VMSA-2… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1040003 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/102171 vdb-entryx_refsource_BID
    Impacted products
    Date Public
    2017-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:47:43.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
              },
              {
                "name": "1040003",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040003"
              },
              {
                "name": "102171",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Airwatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "Any"
                }
              ]
            }
          ],
          "datePublic": "2017-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Broken Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-14T10:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
            },
            {
              "name": "1040003",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040003"
            },
            {
              "name": "102171",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "DATE_PUBLIC": "2017-12-12T00:00:00",
              "ID": "CVE-2017-4942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Airwatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Any"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Broken Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html"
                },
                {
                  "name": "1040003",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040003"
                },
                {
                  "name": "102171",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4942",
        "datePublished": "2017-12-13T02:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:58:52.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-4896 (GCVE-0-2017-4896)

    Vulnerability from cvelistv5 – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
    Severity
    No CVSS data available.
    CWE
    • Encyption bypass
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/95889 vdb-entryx_refsource_BID
    http://www.vmware.com/us/security/advisories/VMSA… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1037738 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-01-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.485Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "95889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95889"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
              },
              {
                "name": "1037738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037738"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Airwatch Console",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "x.x"
                }
              ]
            },
            {
              "product": "Airwatch Inbox",
              "vendor": "VMware",
              "versions": [
                {
                  "status": "affected",
                  "version": "x.x"
                }
              ]
            }
          ],
          "datePublic": "2017-01-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Encyption bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-24T12:57:01.000Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "name": "95889",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95889"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
            },
            {
              "name": "1037738",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037738"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@vmware.com",
              "ID": "CVE-2017-4896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Airwatch Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Airwatch Inbox",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "x.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VMware"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Encyption bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "95889",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95889"
                },
                {
                  "name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
                },
                {
                  "name": "1037738",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037738"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2017-4896",
        "datePublished": "2017-05-10T14:00:00.000Z",
        "dateReserved": "2016-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }