It can be exploited by remote attackers with knowledge of specific enrolled devices within an AirWatch instance to add or remove files from a device, remotely execute commands on it, or modify or set Registry Key values for Windows Mobile devices that are configured to use AirWatch Cloud Messaging (AWCM).
The offered updates effectively disable File and Registry Management capabilities.
VMware also
added that “through mitigation of this security vulnerability, the File, Task & Registry Management capabilities built into AWCM will be disabled in current SaaS environments over the coming weeks” and that the functionality will be deprecated in future releases of the Workspace ONE UEM Console.