CVE-2017-4930

Published: Nov 16, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-14047 Aliases: GSD-2017-4930

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

LOW 3,5

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: single

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0030

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Airwatch by Vmware

Product Information

Vendor Vmware

Product Airwatch

Version Range Affected

From 9.0.0 (inclusive)

To 9.2.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:vmware:airwatch:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.vmware.com/us/security/advisories/VMSA-2017-001…

Patch Vendor Advisory

https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html

http://www.securityfocus.com/bid/101772

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/101772

http://www.securitytracker.com/id/1039750

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1039750

https://www.vmware.com/us/security/advisories/VMSA-2017-001…

Patch Vendor Advisory

https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html

http://www.securityfocus.com/bid/101772

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/101772

http://www.securitytracker.com/id/1039750

Third Party Advisory VDB Entry

http://www.securitytracker.com/id/1039750

CVE-2017-4930

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Airwatch by Vmware

Product Information

Iscriviti alla newsletter