Multiple Vulnerabilities in VMware Content Locker and AirWatch Agent.

A CERT-FR advisory (CERTFR-2018-AVI-425) dated September 06, 2018 announces multiple vulnerabilities in VMware Content Locker and AirWatch Agent.

They allow an attacker to cause a breach of data integrity and a breach of data confidentiality. (Sources)

VMware Security Bulletin VMSA-2018-0023 dated September 05, 2018

The AirWatch monitoring agent for iOS devices contains a data protection vulnerability whereby files and Keychain entries in the agent are not encrypted.
VMware would like to thank Stephan Sekula of Compass Security for bringing this issue to our attention. The Joint Vulnerabilities and Exposures Project (CVE.mitre.org) has assigned CVE-2018-6975 to this issue.

A table lists the action required to address the vulnerability in each release, if a solution is available. (Sources)

The CERT (Computer Emergency Response Teams) are alert and response centers for computer attacks, intended for businesses or administrations, but whose information is generally accessible to everyone. The priority tasks of a CERT are multiple. Centralization of assistance requests following security incidents (attacks) on networks and information systems: reception of requests, analysis of symptoms and possible correlation of incidents. Processing alerts and reacting to computer attacks: technical analysis, exchange of information with other CERTs, contribution to specific technical studies. The establishment and maintenance of a database of vulnerabilities, Prevention by dissemination of information on the precautions to be taken to minimize the risks of incidents or at worst their consequences, Possible coordination with other entities (competence centers networks, operators and Internet access providers national and international CERTs).ANSSI