VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/101772 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1039750 | Third Party Advisory VDB Entry |
| https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/101772 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1039750 | Third Party Advisory VDB Entry |
| https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 03:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/101772 - Third Party Advisory, VDB Entry | |
| References | () http://www.securitytracker.com/id/1039750 - Third Party Advisory, VDB Entry | |
| References | () https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html - Patch, Vendor Advisory |
Information
Published : 2017-11-16 21:29
Updated : 2024-11-21 03:26
NVD link : CVE-2017-4930
Mitre link : CVE-2017-4930
CVE.ORG link : CVE-2017-4930
JSON object : View
Products Affected
vmware
- airwatch
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')