VMware Fixes Flaw in AirWatch

Thursday, December 11, 2014 @ 03:12 PM gHale

VMware updated its AirWatch enterprise mobile management and security platform to fix information disclosure vulnerabilities.

Vulnerability (CVE-2014-8372) affects AirWatch by VMware On-Premise 7.3.x.x prior to 7.3.3.0 (FP3) and could enable a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant, said VMware officials.

RELATED STORIES
Spotlight on Internal Vulnerability
Breach: When Minutes Count
Data Breach Awareness on Rise
Malware Creation Skyrockets in Q3

VMware fixed the issue in its cloud-based solution, but users working with on-premise deployments must apply the software update.

To perform a self-upgrade, AirWatch Administrators should email support@air-watch.com the support group to request the install files. Also, users may have an AirWatch Engineer to perform the upgrade on their behalf.

Denis Andzakovic of security-assessment.com reported the vulnerability to VMware.

VMware acquired AirWatch in a $1.54 Billion deal in Jan. 2014.



Leave a Reply

You must be logged in to post a comment.