4 matches found
CVE-2014-8372
Affected product: AirWatch by VMware On-Premise 7.3.x (prior to 7.3.3.0 FP3). Issue: Direct object reference enables remote authenticated users to view organizational information and statistics of other tenants. This is an information disclosure vulnerability in multi-tenant deployments. Root cau...
CVE-2017-4951
The CVE-2017-4951 CSRF flaw affects VMware AirWatch Console in versions 9.2.x before 9.2.2 and 9.1.x before 9.1.5, caused by a user-input validation issue that enables cross-site request forgery when accessing the App Catalog. An attacker could lure an authenticated user into installing a malicio...
CVE-2017-4930
CVE-2017-4930 affects VMware AirWatch Console 9.x before 9.2.0. An authenticated AWC user can inject a malicious URL into an enrolled device’s ‘Links’ page, leading to a redirected user. Root cause: stored XSS in the Links feature. Remediation: upgrade to AirWatch Console 9.2.0 or later (as per V...
CVE-2017-4931
CVE-2017-4931 affects VMware AirWatch Console 9.x before 9.2.0. An authenticated AWC user can add malicious data to an enrolled device’s log files, potentially causing a user to open a CSV containing malicious content. The issue is mitigated by upgrading to AirWatch Console 9.2.0 or later (update...