Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-170.100818: TT-CSIRT Advisory – VMware Security Updates

TTCSIRT-170.100818: TT-CSIRT Advisory – VMware Security Updates

VMWare has released a security update stating that the VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment.

This issue may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled.

Further information on this vulnerability and how it can be mitigated can be found on the VMWare Website at https://www.vmware.com/security/advisories/VMSA-2018-0024.html