CVE-2017-4942

{"id": "CVE-2017-4942", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2017-12-13T02:29:11.077", "references": [{"url": "http://www.securityfocus.com/bid/102171", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@vmware.com"}, {"url": "http://www.securitytracker.com/id/1040003", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@vmware.com"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@vmware.com"}, {"url": "http://www.securityfocus.com/bid/102171", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1040003", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2017-0020.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator."}, {"lang": "es", "value": "VMware AirWatch Console (AWC) contiene una vulnerabilidad de control de acceso roto. La explotaci\u00f3n con \u00e9xito de este problema podr\u00eda desembocar en la revelaci\u00f3n de detalles del dispositivo del usuario final a un administrador no autorizado."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:airwatch_console:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E12528D-A1E2-4B57-9885-EFA134FC4208", "versionEndExcluding": "9.2.2.0", "versionStartIncluding": "9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}