exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2018-0024

VMware Security Advisory 2018-0024
Posted Oct 4, 2018
Authored by VMware | Site vmware.com

VMware Security Advisory 2018-0024 - VMware Workspace ONE Unified Endpoint Management Console (A/W Console) updates resolve SAML authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-6979
SHA-256 | 70016a84f7fc8db00f6df3e3fc7ea2a353556b33ea46d1a8c03e856269049083
Download | Favorite | View

VMware Security Advisory 2018-0024

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Advisory ID: VMSA-2018-0024
Severity:    Critical
Synopsis:    VMware Workspace ONE Unified Endpoint Management Console
             (A/W Console) update resolves SAML authentication bypass
             vulnerability
Issue date:  2018-10-04
Updated on:  2018-10-04 (Initial Advisory)
CVE number:  CVE-2018-6979

1. Summary

   VMware Workspace ONE Unified Endpoint Management Console (A/W Console)
   updates resolve SAML authentication bypass vulnerability

2. Relevant Products

   VMware Workspace ONE Unified Endpoint Management Console (A/W Console)

3. Problem Description

   The VMware Workspace ONE Unified Endpoint Management Console (A/W
   Console) contains a SAML authentication bypass vulnerability which can
   be leveraged during device enrollment. This vulnerability may allow for
   a malicious actor to impersonate an authorized SAML session if
   certificate-based authentication is enabled. This vulnerability is also
   relevant if certificate-based authentication is not enabled, but the
   outcome of exploitation is limited to an information disclosure
   (Important Severity) in those cases.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6979 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product   Running           Replace with/     Mitigation/
   Product     Version   on      Severity  Apply Patch       Workaround
   =========== ========= ======= ========= ================= ==========
   A/W Console 9.7.x     Any     Critical  9.7.0.8           360010178013
   A/W Console 9.6.x     Any     Critical  9.6.0.8           360010178013
   A/W Console 9.5.x     Any     Critical  9.5.0.17          360010178013
   A/W Console 9.4.x     Any     Critical  9.4.0.23          360010178013
   A/W Console 9.3.x     Any     Critical  9.3.0.25          360010178013
   A/W Console 9.2.x     Any     Critical  9.2.3.28          360010178013
   A/W Console 9.1.x     Any     Critical  9.1.5.6           360010178013

4. Solution

   VMware Workspace ONE Unified Endpoint Management Console 9.7.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/rnvtjd8jltpdhpt663n2/en

   VMware Workspace ONE Unified Endpoint Management Console 9.6.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/5nzwmkccx2dfbfyw9977/en

   VMware Workspace ONE Unified Endpoint Management Console 9.5.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/3rhqhqd98nymx33f4shd/en

   VMware Workspace ONE Unified Endpoint Management Console 9.4.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/q9fsfgs6d23mvtkpm22j/en

   VMware Workspace ONE Unified Endpoint Management Console 9.3.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/7t25rz3pd8sgzq3vqztx/en

   VMware Workspace ONE Unified Endpoint Management Console 9.2.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/kb7yzw7hbgyrygjvhmlh/en

   VMware Workspace ONE Unified Endpoint Management Console 9.1.x
   Downloads and Documentation:
   https://resources.workspaceone.com/save/nnqxxqyqt8vmn54mnd8v/en

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6979
   https://support.workspaceone.com/articles/360010178013

- --------------------------------------------------------------------------

6. Change log

   2018-10-04 - VMSA-2018-0024: Initial security advisory.

- --------------------------------------------------------------------------


7. Contact

   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce@lists.vmware.com
    bugtraq@securityfocus.com
    fulldisclosure@seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
   VMware Security & Compliance Blog  
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSmJMaUX5+xuU/DnNwMRybxVuL2QwUCW7Zr0wAKCRAMRybxVuL2
Q4IIAKDOVUqyvvtZp7fYxIFkO2xIzlV0QACfS3xTRprGFO64IofAotXpoqzFaTc=
=aSD2
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close