Executive Summary
Summary | |
---|---|
Title | - AirWatch updates address bypass of root detection and local data encryption |
Informations | |||
---|---|---|---|
Name | VMSA-2017-0001 | First vendor Publication | 2017-01-30 |
Vendor | VMware | Last vendor Modification | 2017-01-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. Root detection bypass Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. VMware would like to thank Finn Steglich from SySS GmbH for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4895 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. b. Local data encryption bypass Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. VMware would like to thank Finn Steglich from SySS GmbH for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4896 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2017-0001.html |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Alert History
Date | Informations |
---|---|
2017-05-19 09:24:50 |
|
2017-05-10 21:24:16 |
|
2017-01-31 00:23:30 |
|