CVE-2018-6979
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) in versions 9.7.x prior to 9.7.0.8, 9.6.x prior to 9.6.0.8, 9.5.x prior to 9.5.0.17, 9.4.x prior to 9.4.0.23, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.28, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability that can be leveraged during device enrollment. This vulnerability could allow a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important severity) in those cases.
Timeline
- 2018-02-14 CVE Reserved
- 2018-10-04 CVE Published
- 2024-02-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (2)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1041808 | Third Party Advisory |

URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2018-0024.html | 2020-08-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Airwatch Console | >= 9.1.0.0 < 9.1.5.6 | - | Affected |
Vmware | Airwatch Console | >= 9.2.0.0 < 9.2.3.27 | - | Affected |
Vmware | Airwatch Console | >= 9.3.0.0 < 9.3.0.25 | - | Affected |
Vmware | Airwatch Console | >= 9.4.0.0 < 9.4.0.22 | - | Affected |
Vmware | Airwatch Console | >= 9.5.0.0 < 9.5.0.16 | - | Affected |
Vmware | Airwatch Console | >= 9.6.0.0 < 9.6.0.7 | - | Affected |
Vmware | Airwatch Console | >= 9.7.0.0 < 9.7.0.3 | - | Affected |