VMware has released a new security advisory VMSA-2018-0024: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.
This advisory documents the remediation of one critical issue: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled, the outcome of exploitation is limited to an information disclosure (Important Severity).
The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6979 to the VMSA-2018-0024 issue.
VMSA-2018-0024 – Affected Products and Resolutions
AirWatch Console 9.7.x – update to version 9.7.0.3 or above
AirWatch Console 9.6.x – update to version 9.6.0.7 or above
AirWatch Console 9.5.x – update to version 9.5.0.16 or above
AirWatch Console 9.4.x – update to version 9.4.0.22 or above
AirWatch Console 9.3.x – update to version 9.3.0.25 or above
AirWatch Console 9.2.x – update to version 9.2.3.27 or above
AirWatch Console 9.1.x – update to version 9.1.5.6 or above
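The table above maps each AirWatch Console branch to the first fixed build, and checking an estate against it by hand is error-prone because the version strings have four numeric parts that must be compared numerically, not as text. The following script is an added example, not VMware's code and not part of the advisory: it encodes the fixed versions listed above, compares an installed version against the fix for its branch, and flags the hosts that still need the update. The `SAMPLE_INVENTORY` host names and versions are constructed for illustration, and a branch the advisory does not list (for example 9.8.x) is reported as "not assessable" rather than guessed.

```python
# Added example: assess installed AirWatch Console versions against the
# fixed builds published in VMSA-2018-0024. Not VMware's own tooling.

# First fixed build per branch, taken from the advisory's resolution table.
FIXED_VERSIONS = {
    "9.7": "9.7.0.3",
    "9.6": "9.6.0.7",
    "9.5": "9.5.0.16",
    "9.4": "9.4.0.22",
    "9.3": "9.3.0.25",
    "9.2": "9.2.3.27",
    "9.1": "9.1.5.6",
}


def parse_version(version):
    """Turn '9.5.0.16' into (9, 5, 0, 16) so comparison is numeric per part.

    Raises ValueError for anything that is not dot-separated integers, so a
    malformed inventory entry fails loudly instead of being silently 'patched'.
    """
    parts = version.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(p) for p in parts)


def branch_of(version):
    """Return the 'major.minor' branch ('9.5') the advisory table is keyed on."""
    major, minor = parse_version(version)[:2]
    return f"{major}.{minor}"


def is_patched(installed):
    """True if the installed build is at or above the fix for its branch.

    Returns None when the branch is not covered by the advisory, since the
    page gives no fixed version for it and we must not invent one.
    """
    fixed = FIXED_VERSIONS.get(branch_of(installed))
    if fixed is None:
        return None
    # Tuple comparison is element-wise and numeric: (9, 5, 0, 16) > (9, 5, 0, 9),
    # which a plain string comparison would get wrong.
    return parse_version(installed) >= parse_version(fixed)


def assess_inventory(inventory):
    """Return {host: (installed, required)} for hosts still missing the fix.

    Hosts whose branch is not in the advisory are returned under the key
    'not assessable' so they are reviewed manually rather than ignored.
    """
    needs_update = {}
    not_assessable = []
    for host, installed in inventory.items():
        status = is_patched(installed)
        if status is None:
            not_assessable.append(host)
        elif status is False:
            needs_update[host] = (installed, FIXED_VERSIONS[branch_of(installed)])
    if not_assessable:
        needs_update["not assessable"] = tuple(sorted(not_assessable))
    return needs_update


# Constructed sample inventory (hypothetical host names and builds).
SAMPLE_INVENTORY = {
    "uem-prod-01": "9.7.0.3",   # exactly the fixed build
    "uem-prod-02": "9.5.0.9",   # below 9.5.0.16: string compare would miss this
    "uem-dr-01": "9.2.3.27",    # fixed build on the 9.2 branch
    "uem-lab-01": "9.1.5.5",    # one build short of 9.1.5.6
    "uem-lab-02": "9.8.0.0",    # branch not listed in the advisory
}


if __name__ == "__main__":
    for host, detail in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {detail}")
```

Feed `assess_inventory` the version strings your CMDB or the console's own About page reports; anything it returns under a host name is below the advisory's fixed build for that branch and should be scheduled for the update (or for the SAML enrollment mitigation in the meantime).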
As per the VMware KB, if patching your environment is not feasible in a timely manner, you can mitigate the issue by disabling SAML authentication for enrollment, located under System > Enterprise Integration > Directory Services.
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.