PT-2018-17857 · Vmware · Vmware Workspace One Unified Endpoint Management Console

Published: 2018-10-05 · Updated: 2020-08-24 · CVE-2018-6979

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.1.x prior to 9.1.5.6
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.2.x prior to 9.2.3.27
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.3.x prior to 9.3.0.25
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.4.x prior to 9.4.0.22
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.5.x prior to 9.5.0.16
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.6.x prior to 9.6.0.7
VMware Workspace ONE Unified Endpoint Management Console (A/W Console) versions 9.7.x prior to 9.7.0.3

Description

The issue concerns a SAML authentication bypass that can be exploited during device enrollment, potentially allowing a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled, the outcome of exploitation is limited to an information disclosure.

Recommendations

For versions 9.1.x prior to 9.1.5.6, update to version 9.1.5.6 or later.
For versions 9.2.x prior to 9.2.3.27, update to version 9.2.3.27 or later.
For versions 9.3.x prior to 9.3.0.25, update to version 9.3.0.25 or later.
For versions 9.4.x prior to 9.4.0.22, update to version 9.4.0.22 or later.
For versions 9.5.x prior to 9.5.0.16, update to version 9.5.0.16 or later.
For versions 9.6.x prior to 9.6.0.7, update to version 9.6.0.7 or later.
For versions 9.7.x prior to 9.7.0.3, update to version 9.7.0.3 or later.

Fix


Related Identifiers

CVE-2018-6979

Affected Products

Vmware Workspace One Unified Endpoint Management Console