Cross Site Request Forgery Vulnerability in VMware AirWatch Console Allows Installation of Malicious Applications

Cross Site Request Forgery Vulnerability in VMware AirWatch Console Allows Installation of Malicious Applications

CVE-2017-4951 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. An attacker may exploit this issue by tricking users into installing a malicious application on their devices.

Learn more about our User Device Pen Test.