Moderate
OMSA-2024-0001
6.8
2024-06-27
2024-06-27 (Initial Advisory)
CVE-2024-22260
VMware Workspace One UEM update addresses an information exposure vulnerability (CVE-2024-22260)
1. Impacted Products
VMware Workspace ONE UEM
2. Introduction
A vulnerability affecting Workspace ONE UEM endpoints was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. Injection Vulnerability (CVE-2024-22260)
Description
Workspace ONE UEM endpoints contain an information exposure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.
Known Attack Vectors
A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.
Resolution
To remediate CVE-2024-22260 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Emre Durmaz and Nuri Yavuz of Company Trendyol for reporting this vulnerability to us.
Response Matrix
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Workspace One UEM | 23.10.x | Any | CVE-2024-22260 | moderate
| None | None | ||
VMware Workspace One UEM | 23.6.x | Any | CVE-2024-22260 | moderate
| None | None | ||
VMware Workspace ONE UEM | 23.2.x | Any | CVE-2024-22260 | moderate
| None | None | ||
VMware Workspace One UEM | 22.12.x | Any | CVE-2024-22260 | moderate
| None | None |
4. References
Downloads and Documentation:
VMware Workspace ONE UEM – 23.10.0.13
https://resources.workspaceone.com/view/nzf369mf88y2m3nwfgp4
VMware Workspace ONE UEM – 23.6.0.30
https://resources.workspaceone.com/view/pcn963yp8l5vbkr85cyf
VMware Workspace ONE UEM – 23.2.0.46
https://resources.workspaceone.com/view/7nqwprpyyzf3brzwgvsy
VMware Workspace ONE UEM – 22.12.0.47
https://resources.workspaceone.com/view/blyxpgfw8m79yd8wm7dh
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22260
FIRST CVSSv3 Calculator:
CVE-2024-22260: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
5. Change Log
2024-06-27 OMSA-2024-0001
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2024 Broadcom. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.