Executive Summary

Summary
Title - AirWatch by VMware product update addresses information disclosure vulnerabilities
Informations
Name VMSA-2014-0014 First vendor Publication 2014-12-10
Vendor VMware Last vendor Modification 2014-12-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

a. AirWatch by VMware information disclosure vulnerability.

AirWatch by VMware has direct object reference vulnerabilities. These issues may allow a user that manages an AirWatch deployment in a multi-tenant environment to view the organizational information and statistics of another tenant.

AirWatch Cloud has been patched to resolve this issue, On-Premise deployments must be updated. See solution section for details.

VMware would like to thank Denis Andzakovic of security-assessment.com for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8372 to these issues.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2014-0014.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0014.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-12-12 17:25:34
  • Multiple Updates
2014-12-11 21:27:21
  • Multiple Updates
2014-12-10 17:20:26
  • First insertion