{"api_version":"1","generated_at":"2026-04-22T22:02:52+00:00","cve":"CVE-2017-4931","urls":{"html":"https://cve.report/CVE-2017-4931","api":"https://cve.report/api/cve/CVE-2017-4931.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-4931","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-4931"},"summary":{"title":"CVE-2017-4931","description":"VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2017-11-16 21:29:00","updated_at":"2017-12-04 14:16:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html","name":"https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"VMSA-2017-0016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101772","name":"101772","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"VMware AirWatch Console Module Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1039750","name":"1039750","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"VMware AirWatch Console Bugs Let Remote Authenticted Users Conduct Cross-Site Scripting and Log File Injection Attacks and Let Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-4931","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-4931","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"4931","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"airwatch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"4931","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"airwatch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@vmware.com","DATE_PUBLIC":"2017-11-08T00:00:00","ID":"CVE-2017-4931","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"VMware AirWatch Console (AWC)","version":{"version_data":[{"version_value":"9.x before 9.2.0"}]}}]},"vendor_name":"VMware"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CSV file integrity vulnerability"}]}]},"references":{"reference_data":[{"name":"1039750","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039750"},{"name":"https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html","refsource":"CONFIRM","url":"https://www.vmware.com/us/security/advisories/VMSA-2017-0016.html"},{"name":"101772","refsource":"BID","url":"http://www.securityfocus.com/bid/101772"}]}},"nvd":{"publishedDate":"2017-11-16 21:29:00","lastModifiedDate":"2017-12-04 14:16:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:airwatch:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"4931","Ordinal":"101361","Title":"CVE-2017-4931","CVE":"CVE-2017-4931","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"4931","Ordinal":"1","NoteData":"VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"4931","Ordinal":"2","NoteData":"2017-11-16","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"4931","Ordinal":"3","NoteData":"2017-11-17","Type":"Other","Title":"Modified"}]}}}