Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMWare advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.
5468547ad7baa8b8e0d41f706bd7a80458d99dc96cd25a19ec2e1b6344263f4f
VMware Security Advisory 2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities.
87c695e22649e611682b410ebade0303433c3cdb027c057bec2c666827ae99b0