| Vulnerability Name: | CVE-2014-8372 (CCN-99569) | ||||||||
| Assigned: | 2014-12-10 | ||||||||
| Published: | 2014-12-10 | ||||||||
| Updated: | 2014-12-12 | ||||||||
| Summary: | AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-8372 Source: FULLDISC Type: UNKNOWN 20141210 NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities Source: CCN Type: BID-71609 Airwatch CVE-2014-8372 Multiple Information Disclosure Vulnerabilities Source: CCN Type: VMSA-2014-0014 AirWatch by VMware product update addresses information disclosure vulnerabilities Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2014-0014.html Source: XF Type: UNKNOWN airwatch-cve20148372-info-disc(99569) Source: CCN Type: Packet Storm Security [01-29-2015] AirWatch Direct Object Reference | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||