VMware updated its AirWatch enterprise mobile management and security platform to fix information disclosure vulnerabilities.
Vulnerability (CVE-2014-8372) affects AirWatch by VMware On-Premise 7.3.x.x prior to 126.96.36.199 (FP3) and could enable a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant, said VMware officials.
VMware fixed the issue in its cloud-based solution, but users working with on-premise deployments must apply the software update.
To perform a self-upgrade, AirWatch Administrators should email firstname.lastname@example.org the support group to request the install files. Also, users may have an AirWatch Engineer to perform the upgrade on their behalf.
Denis Andzakovic of security-assessment.com reported the vulnerability to VMware.
VMware acquired AirWatch in a $1.54 Billion deal in Jan. 2014.