CVE-2017-4931: Input Validation
First published: Thu Nov 16 2017(Updated: )
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware AirWatch Inbox | >=9.0.0<9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-4931?
CVE-2017-4931 has been rated as a moderate severity vulnerability.
How do I fix CVE-2017-4931?
To mitigate CVE-2017-4931, upgrade VMware AirWatch Console to version 9.2.0 or later.
What impact does CVE-2017-4931 have on users?
CVE-2017-4931 allows attackers to potentially insert malicious content into CSV files opened by unsuspecting users.
Who is affected by CVE-2017-4931?
Authenticated users of VMware AirWatch Console versions 9.x prior to 9.2.0 are affected by CVE-2017-4931.
Is CVE-2017-4931 a remote or local vulnerability?
CVE-2017-4931 is considered a local vulnerability as it requires an authenticated user to exploit it.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware airwatch inbox
- version/vmware airwatch inbox/9.0.0