Search criteria
9 vulnerabilities found for airwatch_agent by vmware
FKIE_CVE-2018-6968
Vulnerability from fkie_nvd - Published: 2018-06-11 22:29 - Updated: 2024-11-21 04:11
Severity ?
Summary
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/104441 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1041060 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2018-0015.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104441 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041060 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2018-0015.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | airwatch_agent | * | |
| vmware | airwatch_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:airwatch_agent:*:*:*:*:*:windows_mobile:*:*",
"matchCriteriaId": "A5EAE4CA-40F7-4F2D-986A-657D54BF1314",
"versionEndExcluding": "6.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:airwatch_agent:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F110041E-E373-4410-B480-BD4BC38B6C94",
"versionEndExcluding": "8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator."
},
{
"lang": "es",
"value": "VMware AirWatch Agent para Android en versiones anteriores a la 8.2 y AirWatch Agent para Windows Mobile en versiones anteriores a la 6.5.2 contienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en las capacidades de File Manager en tiempo real. Esta vulnerabilidad podr\u00eda permitir la creaci\u00f3n y ejecuci\u00f3n no autorizadas de archivos en el sandbox del agente y otros directorios accesibles p\u00fablicamente, como los de la tarjeta SD, por un administrador malicioso."
}
],
"id": "CVE-2018-6968",
"lastModified": "2024-11-21T04:11:30.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-11T22:29:00.277",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041060"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4896
Vulnerability from fkie_nvd - Published: 2017-05-10 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/95889 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1037738 | ||
| security@vmware.com | http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95889 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | airwatch_agent | - | |
| vmware | airwatch_inbox | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:airwatch_agent:-:*:*:*:*:android:*:*",
"matchCriteriaId": "D0212914-AA83-44A2-B521-F7F4A6D9522D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:airwatch_inbox:-:*:*:*:*:android:*:*",
"matchCriteriaId": "0018380C-249A-423E-9322-8B703395F9BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
},
{
"lang": "es",
"value": "Airwatch Inbox para Android contiene una vulnerabilidad que puede permitir a un dispositivo rooteado descifre los datos locales usados por la aplicaci\u00f3n. La explotaci\u00f3n con \u00e9xito de este problema puede resultar en una divulgaci\u00f3n no autorizada de datos confidenciales."
}
],
"id": "CVE-2017-4896",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-10T14:29:00.780",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"source": "security@vmware.com",
"url": "http://www.securitytracker.com/id/1037738"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4895
Vulnerability from fkie_nvd - Published: 2017-05-10 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/95892 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1037738 | ||
| security@vmware.com | http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95892 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037738 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | airwatch_agent | - | |
| vmware | airwatch_inbox | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:airwatch_agent:-:*:*:*:*:android:*:*",
"matchCriteriaId": "D0212914-AA83-44A2-B521-F7F4A6D9522D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:airwatch_inbox:-:*:*:*:*:android:*:*",
"matchCriteriaId": "0018380C-249A-423E-9322-8B703395F9BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
},
{
"lang": "es",
"value": "Airwatch Agent para Android contiene una vulnerabilidad que puede permitir a un dispositivo omitir la detecci\u00f3n de root. La explotaci\u00f3n con \u00e9xito de este problema puede resultar en que un dispositivo registrado tenga acceso sin restricciones a los datos y controles de seguridad locales de Airwatch."
}
],
"id": "CVE-2017-4895",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-10T14:29:00.717",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"source": "security@vmware.com",
"url": "http://www.securitytracker.com/id/1037738"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-6968 (GCVE-0-2018-6968)
Vulnerability from cvelistv5 – Published: 2018-06-11 22:00 – Updated: 2024-09-16 20:58
VLAI?
Summary
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | AirWatch Agent |
Affected:
AirWatch Agent for Android prior to 8.2
Affected: AirWatch Agent for Windows Mobile prior to 6.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirWatch Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "AirWatch Agent for Android prior to 8.2"
},
{
"status": "affected",
"version": "AirWatch Agent for Windows Mobile prior to 6.5.2"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-06-11T00:00:00",
"ID": "CVE-2018-6968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirWatch Agent",
"version": {
"version_data": [
{
"version_value": "AirWatch Agent for Android prior to 8.2"
},
{
"version_value": "AirWatch Agent for Windows Mobile prior to 6.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6968",
"datePublished": "2018-06-11T22:00:00Z",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-09-16T20:58:09.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4895 (GCVE-0-2017-4895)
Vulnerability from cvelistv5 – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
Severity ?
No CVSS data available.
CWE
- Root detection bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Airwatch Agent |
Affected:
x.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Airwatch Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Root detection bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Airwatch Agent",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Root detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4895",
"datePublished": "2017-05-10T14:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4896 (GCVE-0-2017-4896)
Vulnerability from cvelistv5 – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
Severity ?
No CVSS data available.
CWE
- Encyption bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | Airwatch Console |
Affected:
x.x
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Airwatch Console",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
},
{
"product": "Airwatch Inbox",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Encyption bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "95889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Airwatch Console",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
},
{
"product_name": "Airwatch Inbox",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Encyption bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95889"
},
{
"name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4896",
"datePublished": "2017-05-10T14:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6968 (GCVE-0-2018-6968)
Vulnerability from nvd – Published: 2018-06-11 22:00 – Updated: 2024-09-16 20:58
VLAI?
Summary
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | AirWatch Agent |
Affected:
AirWatch Agent for Android prior to 8.2
Affected: AirWatch Agent for Windows Mobile prior to 6.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AirWatch Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "AirWatch Agent for Android prior to 8.2"
},
{
"status": "affected",
"version": "AirWatch Agent for Windows Mobile prior to 6.5.2"
}
]
}
],
"datePublic": "2018-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-06-11T00:00:00",
"ID": "CVE-2018-6968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AirWatch Agent",
"version": {
"version_data": [
{
"version_value": "AirWatch Agent for Android prior to 8.2"
},
{
"version_value": "AirWatch Agent for Windows Mobile prior to 6.5.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2018-0015.html"
},
{
"name": "104441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104441"
},
{
"name": "1041060",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2018-6968",
"datePublished": "2018-06-11T22:00:00Z",
"dateReserved": "2018-02-14T00:00:00",
"dateUpdated": "2024-09-16T20:58:09.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4895 (GCVE-0-2017-4895)
Vulnerability from nvd – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.
Severity ?
No CVSS data available.
CWE
- Root detection bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | Airwatch Agent |
Affected:
x.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Airwatch Agent",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Root detection bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Airwatch Agent",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Root detection bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "95892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95892"
},
{
"name": "1037738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4895",
"datePublished": "2017-05-10T14:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4896 (GCVE-0-2017-4896)
Vulnerability from nvd – Published: 2017-05-10 14:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.
Severity ?
No CVSS data available.
CWE
- Encyption bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| VMware | Airwatch Console |
Affected:
x.x
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Airwatch Console",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
},
{
"product": "Airwatch Inbox",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "x.x"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Encyption bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "95889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Airwatch Console",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
},
{
"product_name": "Airwatch Inbox",
"version": {
"version_data": [
{
"version_value": "x.x"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Encyption bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95889"
},
{
"name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html"
},
{
"name": "1037738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4896",
"datePublished": "2017-05-10T14:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}