Vulnerability Details : CVE-2017-4931
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.
Vulnerability category: Input validation
Products affected by CVE-2017-4931
- cpe:2.3:a:vmware:airwatch:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-4931
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-4931
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-4931
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-4931
- http://www.securityfocus.com/bid/101772
  VMware AirWatch Console Module Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1039750
  VMware AirWatch Console Bugs Let Remote Authenticated Users Conduct Cross-Site Scripting and Log File Injection Attacks and Let Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html
  VMSA-2017-0016 (Patch; Vendor Advisory)