CVE-2018-6979

Summary

The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases.

Affected Software

VendorProductVersion RangeStatus
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.7.x prior to 9.7.0.8affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.6.x prior to 9.6.0.8affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.5.x prior to 9.5.0.17affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.4.x prior to 9.4.0.23affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.3.x prior to 9.3.0.25affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.2.x prior to 9.2.3.28affected
VMwareVMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)9.1.x prior to 9.1.5.6affected

Weaknesses

  • SAML authentication bypass

ADP Enrichment

CVE Program Container

Additional References

References