VMSA-2017-0020
VMware AirWatch Console updates address Broken Access Control vulnerability.
VMware Security Advisory
1. Summary
VMware AirWatch Console updates address Broken Access Control vulnerability.
2. Relevant Products
- VMware AirWatch Console (AWC)
3. Problem Description
VMware AirWatch Console (AWC) Broken Access Control
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4942 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Workaround
*Additional patches are available for supported Airwatch releases. Please see KB115015676547 for more information.
4. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
VMware AirWatch Console 9.2.2
Downloads and Documentation:
https://support.air-watch.com/articles/115015625647
5. References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4942
https://support.air-watch.com/articles/115015676547
https://www.air-watch.com/en/about/contact-us
https://support.air-watch.com/articles/115015625647
6. Change log
2017-12-12: VMSA-2017-0020
Initial security advisory in conjunction with the release of VMware AirWatch Console patches on 2017-12-12.
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org
E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2017 VMware Inc. All rights reserved.