Published: 10/05/2017 Updated: 03/10/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.8 | Impact Score: 1.4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware airwatch agent -
vmware airwatch inbox -

VMware's enterprise mobility management tool can p0wn itself

The Register • Simon Sharwood • 31 Jan 2017

AirWatch's Android app and Agent need an update, stat

VMware's AirWatch enterprise mobility management service has two flaws that means the software needs ran update ASAP. In an emailed security advisory, VMware warns that “Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection during enrollment.” “Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.” The second flaw means “Airwatch Inbox for Android c...

CVE-2017-4896

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect