CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-6979
https://notcve.org/view.php?id=CVE-2018-6979
The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases. VMware Workspace ONE Unified Endpoint Management Console (A/W Console) en versiones 9.7.x anteriores a la 9.7.0.8, versiones 9.6.x anteriores a la 9.6.0.8, versiones 9.5.x anteriores a la 9.5.0.17, versiones 9.4.x anteriores a la 9.4.0.23, versiones 9.3.x anteriores a la 9.3.0.25, versiones 9.2.x anteriores a la 9.2.3.28 y versiones 9.1.x anteriores a la 9.1.5.6 contiene una vulnerabilidad de omisión de autenticación SAML que puede aprovecharse durante la inscripción de dispositivos. Esta vulnerabilidad podría permitir que un actor malicioso suplante una sesión SAML autorizada si la autenticación basada en certificados está habilitada. • http://www.securitytracker.com/id/1041808 https://www.vmware.com/security/advisories/VMSA-2018-0024.html •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4942
https://notcve.org/view.php?id=CVE-2017-4942
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. VMware AirWatch Console (AWC) contiene una vulnerabilidad de control de acceso roto. La explotación con éxito de este problema podría desembocar en la revelación de detalles del dispositivo del usuario final a un administrador no autorizado. • http://www.securityfocus.com/bid/102171 http://www.securitytracker.com/id/1040003 https://www.vmware.com/security/advisories/VMSA-2017-0020.html •