VMware has released a new security advisory VMSA-2018-0024: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.
This advisory documents the remediation of one critical issue: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled, the outcome of exploitation is limited to an information disclosure (Important Severity).
The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6979 to the VMSA-2018-0019 issue.
VMSA-2018-0024 – Affected Products and Resolutions
AirWatch Console 9.7.x – update to version 220.127.116.11 or above
AirWatch Console 9.6.x – update to version 18.104.22.168 or above
AirWatch Console 9.5.x – update to version 22.214.171.124 or above
AirWatch Console 9.4.x – update to version 126.96.36.199 or above
AirWatch Console 9.3.x – update to version 188.8.131.52 or above
AirWatch Console 9.2.x – update to version 184.108.40.206 or above
AirWatch Console 9.1.x – update to version 220.127.116.11 or above
As per the VMware KB, if patching your environment in a timely manner is not feasible, you can mitigate the issue by disabling SAML authentication for enrollment. The setting is located under System > Enterprise Integration > Directory Services.
You can check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.