7.4

CVE-2018-6979

The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.

Data is provided by the National Vulnerability Database (NVD)
VMwareAirwatch Console Version >= 9.1.0.0 < 9.1.5.6
VMwareAirwatch Console Version >= 9.2.0.0 < 9.2.3.27
VMwareAirwatch Console Version >= 9.3.0.0 < 9.3.0.25
VMwareAirwatch Console Version >= 9.4.0.0 < 9.4.0.22
VMwareAirwatch Console Version >= 9.5.0.0 < 9.5.0.16
VMwareAirwatch Console Version >= 9.6.0.0 < 9.6.0.7
VMwareAirwatch Console Version >= 9.7.0.0 < 9.7.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.486
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
http://www.securitytracker.com/id/1041808
Third Party Advisory
VDB Entry