cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-6979,https://securityvulnerability.io/vulnerability/CVE-2018-6979,,"The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.",Vmware,Vmware Workspace One Unified Endpoint Management Console (airwatch Console),7.4,HIGH,0.0016799999866634607,false,false,false,false,,false,false,2018-10-04T00:00:00.000Z,0
CVE-2017-4951,https://securityvulnerability.io/vulnerability/CVE-2017-4951,,VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.,Vmware,Airwatch Console,8.8,HIGH,0.002730000065639615,false,false,false,false,,false,false,2018-01-29T16:29:00.000Z,0
CVE-2017-4942,https://securityvulnerability.io/vulnerability/CVE-2017-4942,,VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.,Vmware,Airwatch Console,4.9,MEDIUM,0.0009800000116229057,false,false,false,false,,false,false,2017-12-13T02:29:00.000Z,0
CVE-2017-4930,https://securityvulnerability.io/vulnerability/CVE-2017-4930,,VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.,Vmware,Vmware Airwatch Console (awc),5.4,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2017-11-16T21:29:00.000Z,0
CVE-2017-4931,https://securityvulnerability.io/vulnerability/CVE-2017-4931,,VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.,Vmware,Vmware Airwatch Console (awc),7.8,HIGH,0.0014100000262260437,false,false,false,false,,false,false,2017-11-16T21:29:00.000Z,0
CVE-2017-4896,https://securityvulnerability.io/vulnerability/CVE-2017-4896,,Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.,Vmware,"Airwatch Console,Airwatch Inbox",3.8,LOW,0.0005099999834783375,false,false,false,false,,false,false,2017-05-10T14:00:00.000Z,0