Description
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039750
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101772
Scores
CVSS v3
7.8
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
vmware/airwatch
9.0.0 - 9.2.0
VMware/VMware AirWatch Console (AWC)
9.x before 9.2.0
Published
Nov 16, 2017
Tracked Since
Feb 18, 2026