4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
45.7%
a. AirWatch by VMware information disclosure vulnerability
AirWatch by VMware has direct object reference vulnerabilities. These issues may allow a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant.AirWatch Cloud has been patched to resolve this issue, On-Premise deployments must be updated. See solution section for details.VMware would like to thank Denis Andzakovic of security-assessment.com for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8372 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
airwatch cloud | lt | No action required. | |
airwatch on-premise | lt | 7.3.3.0 (FP3) |