Vulnerability Description
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Airwatch | >= 9.0.0, < 9.2.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101772Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039750Third Party AdvisoryVDB Entry
- https://www.vmware.com/us/security/advisories/VMSA-2017-0016.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/101772Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039750Third Party AdvisoryVDB Entry
- https://www.vmware.com/us/security/advisories/VMSA-2017-0016.htmlPatchVendor Advisory
FAQ
What is CVE-2017-4930?
CVE-2017-4930 is a vulnerability with a CVSS score of 5.4 (MEDIUM). VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of t...
How severe is CVE-2017-4930?
CVE-2017-4930 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-4930?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Airwatch.