EUVD-2017-14059

Malware in sbrugna...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in AirWatch Console. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0024 and apply the necessary update...

VMware AirWatch Console 9.1.x < 9.1.5 / 9.2.x < 9.2.2 XSRF

According to its self-reported version, the install of VMware AirWatch Console running on the remote host is 9.1.x prior to 9.1.5 or 9.2.x prior to 9.2.2. It is, therefore, affected by a user-input validation error that allows cross-site request forgery XSRF attacks. Note that Nessus has not test...

CVE-2017-4951

VMware AirWatch Console 9.2.x before 9.2.2 and 9.1.x before 9.1.5 contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices...

VMware AirWatch Console Cross-Site Request Forgery Vulnerability

VMware AirWatch is a console application for the VMware AirWatch Console AWC, a suite of enterprise mobility management solutions from VMware, Inc. A cross-site request forgery vulnerability exists in VMware AWC versions 9.2.x and 9.1.x. The vulnerability stems from the program failing to...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMwar...

VMSA-2018-0006:vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities

VMSA-2018-0006 vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0006 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis:...

VMware AirWatch Console Access Bypass Vulnerability

VMware AirWatch is a console application for the VMware AirWatch Console AWC, a suite of enterprise mobility management solutions from VMware, Inc. An access bypass vulnerability exists in VMware AWC. An attacker could exploit this vulnerability to obtain end-user device information...

CVE-2017-4942

VMware AirWatch Console AWC contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator...

CVE-2017-4942

The CVE-2017-4942 entry corresponds to VMware AirWatch Console (AWC) with a Broken Access Control vulnerability. The connected VMware advisory VMSA-2017-0020 confirms that successful exploitation could disclose end-user device details to an unauthorized administrator. The advisory documents that ...

VMware AirWatch Console updates address Broken Access Control vulnerability.

VMware AirWatch Console AWC Broken Access Control VMware AirWatch Console AWC contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. The Common Vulnerabilities and Exposures...

CVE-2017-4930

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL...

Design/Logic Flaw

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious conten...

CVE-2017-4930

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL...

CVE-2017-4931

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious conten...

VMware AirWatch Console Security Bypass Vulnerability

VMware AirWatch is a console application for the VMware AirWatch Console, a suite of enterprise mobility management solutions from VMware. A security bypass vulnerability exists in VMware AirWatch Console version 9.x prior to 9.2.0. A remote attacker could exploit the vulnerability to write...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in Airwatch Agent, Airwatch Console, and AirWatch Inbox software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review...