VMware AirWatch Console 9.1.x < 220.127.116.11 / 9.2.x < 18.104.22.168 / 9.3.x < 22.214.171.124 / 9.4.x < 126.96.36.199 / 9.5.x < 188.8.131.52 / 9.6.x < 184.108.40.206 / 9.7.x < 220.127.116.11 SAML Security Bypass
Medium Nessus Plugin ID 118091
Synopsis
The remote web server is affected by a security bypass vulnerability.
Description
According to its self-reported version, the install of VMware
AirWatch Console running on the remote host is 9.1.x prior to
18.104.22.168, 9.2.x prior to 22.214.171.124, 9.3.x prior to 126.96.36.199, 9.4.x prior
to 188.8.131.52, 9.5.x prior to 184.108.40.206, 9.6.x prior to 220.127.116.11, or 9.7.x
prior to 18.104.22.168. It is, therefore, affected by an error related to
handling SAML authentication and device enrollment that can allow

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Solution
Upgrade to AirWatch Console version 22.214.171.124, 126.96.36.199, 188.8.131.52,
184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 or later.
Alternatively, disable SAML authentication.