VMware said on Wednesday that is has released an update to its AirWatch enterprise mobile management and security platform to address information disclosure vulnerabilities that could leak sensitive IT-related organizational information.
According to VMware, vulnerability (CVE-2014-8372) affects AirWatch by VMware On-Premise 7.3.x.x prior to 7.3.3.0 (FP3) and could enable a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant.
VMware has fixed the issue in its cloud-based solution, but customers using on-premise deployments must apply the software update.
To perform a self-upgrade, AirWatch Administrator have been instructed to email support@air-watch.com to request the install files. Alternatively, customers may engage an AirWatch Engineer to perform the upgrade on their behalf.
Denis Andzakovic of security-assessment.com was credited for reporting the vulnerability to VMware.
VMware acquired AirWatch in a $1.54 Billion deal announced in Jan. 2014.