CVE-2014-8372 – AirWatch Direct Object Reference
https://notcve.org/view.php?id=CVE-2014-8372
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. AirWatch by VMware On-Premise 7.3.x anterior a 7.3.3.0 (FP3) permite a usuarios remotos autenticados obtener la información y estadísticas organizativas de inquilinos arbitrarios a través de vectores que involucran una referencia de objeto directo. Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMWare advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. • http://seclists.org/fulldisclosure/2014/Dec/44 http://www.vmware.com/security/advisories/VMSA-2014-0014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •