[Security-announce] NEW – VMSA-2017-0020 – VMware AirWatch Console updates address Broken Access Control vulnerability

\n\n—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

– ————————————————————————–
VMware Security Advisory

Advisory ID: VMSA-2017-0020
Severity: Moderate
Synopsis: VMware AirWatch Console updates address Broken Access Control
vulnerability.
Issue date: 2017-12-12
Updated on: 2017-12-12 (Initial Advisory)
CVE number: CVE-2017-4942

1. Summary

VMware AirWatch Console updates address Broken Access Control
vulnerability.

2. Relevant Products

VMware AirWatch Console (AWC)

3. Problem Description

VMware AirWatch Console (AWC) Broken Access Control

VMware AirWatch Console (AWC) contains a Broken Access Control
vulnerability. Successful exploitation of this issue could result in
end-user device details being disclosed to an unauthorized
administrator.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2017-4942 to this issue.

Column 5 of the following table lists the action required to remediate
the vulnerability in each release, if a solution is available.

VMware Product Running Replace with/ Mitigation/
Product Version on Severity Apply Patch Workaround
========== ========= ======= ========= ============= ==========
AWC 9.x Any Moderate 9.2.2* KB115015676547

*Additional patches are available for supported Airwatch releases.
Please see KB115015676547 for more information.

4. Solution

Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.

VMware AirWatch Console 9.2.2
Downloads and Documentation:
https://support.air-watch.com/articles/115015625647

5. References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4942
https://support.air-watch.com/articles/115015676547
https://www.air-watch.com/en/about/contact-us
https://support.air-watch.com/articles/115015625647

– ————————————————————————–

6. Change log

2017-12-12: VMSA-2017-0020
Initial security advisory in conjunction with the release of VMware
AirWatch Console patches on 2017-12-12.

– ————————————————————————–

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter

Copyright 2017 VMware Inc. All rights reserved.

—–BEGIN PGP SIGNATURE—–
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFaMDfxDEcm8Vbi9kMRAhVMAKCWXJh/dJialSjwpgDeOe8lLMtQ3wCgtGf8
IE/WzZSIIRfRMM9RCr35Z5E=
=eaXo
—–END PGP SIGNATURE—–
_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce