{"containers":{"cna":{"affected":[{"product":"VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)","vendor":"VMware","versions":[{"status":"affected","version":"9.7.x prior to 9.7.0.8"},{"status":"affected","version":"9.6.x prior to 9.6.0.8"},{"status":"affected","version":"9.5.x prior to 9.5.0.17"},{"status":"affected","version":"9.4.x prior to 9.4.0.23"},{"status":"affected","version":"9.3.x prior to 9.3.0.25"},{"status":"affected","version":"9.2.x prior to 9.2.3.28"},{"status":"affected","version":"9.1.x prior to 9.1.5.6"}]}],"datePublic":"2018-10-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases."}],"problemTypes":[{"descriptions":[{"description":"SAML authentication bypass","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-09T15:57:01.000Z","orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.vmware.com/security/advisories/VMSA-2018-0024.html"},{"name":"1041808","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1041808"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@vmware.com","DATE_PUBLIC":"2018-10-04T00:00:00","ID":"CVE-2018-6979","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console)","version":{"version_data":[{"version_value":"9.7.x prior to 9.7.0.8"},{"version_value":"9.6.x prior to 9.6.0.8"},{"version_value":"9.5.x prior to 9.5.0.17"},{"version_value":"9.4.x prior to 9.4.0.23"},{"version_value":"9.3.x prior to 9.3.0.25"},{"version_value":"9.2.x prior to 9.2.3.28"},{"version_value":"9.1.x prior to 9.1.5.6"}]}}]},"vendor_name":"VMware"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The VMware Workspace ONE Unified Endpoint Management Console (A/W Console) 9.7.x prior to 9.7.0.3, 9.6.x prior to 9.6.0.7, 9.5.x prior to 9.5.0.16, 9.4.x prior to 9.4.0.22, 9.3.x prior to 9.3.0.25, 9.2.x prior to 9.2.3.27, and 9.1.x prior to 9.1.5.6 contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. This vulnerability is also relevant if certificate-based authentication is not enabled, but the outcome of exploitation is limited to an information disclosure (Important Severity) in those cases."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"SAML authentication bypass"}]}]},"references":{"reference_data":[{"name":"https://www.vmware.com/security/advisories/VMSA-2018-0024.html","refsource":"CONFIRM","url":"https://www.vmware.com/security/advisories/VMSA-2018-0024.html"},{"name":"1041808","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041808"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T06:17:17.360Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.vmware.com/security/advisories/VMSA-2018-0024.html"},{"name":"1041808","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1041808"}]}]},"cveMetadata":{"assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","assignerShortName":"vmware","cveId":"CVE-2018-6979","datePublished":"2018-10-05T13:00:00.000Z","dateReserved":"2018-02-14T00:00:00.000Z","dateUpdated":"2024-09-17T01:12:18.994Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}