CVE-2017-4896 - Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the lo

CVE-2017-4896

Summary

Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.

References

http://www.securityfocus.com/bid/95889
http://www.securitytracker.com/id/1037738
http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html

Vulnerable Configurations

cpe:2.3:a:vmware:airwatch_agent:-:*:*:*:*:android:*:*
cpe:2.3:a:vmware:airwatch_agent:-:*:*:*:*:android:*:*
cpe:2.3:a:vmware:airwatch_inbox:-:*:*:*:*:android:*:*
cpe:2.3:a:vmware:airwatch_inbox:-:*:*:*:*:android:*:*

CVSS

Base:	2.1 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	95889
confirm	http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html
sectrack	1037738

Last major update

03-10-2019 - 00:03

Published

10-05-2017 - 14:29

Last modified

03-10-2019 - 00:03