OMSA-2024-0001


Severity: Moderate
Advisory ID: OMSA-2024-0001
Maximum CVSSv3 base score: 6.8
Issue date: 2024-06-27
Updated on: 2024-06-27 (Initial Advisory)
CVE(s): CVE-2024-22260

VMware Workspace ONE UEM update addresses an information exposure vulnerability (CVE-2024-22260)

1. Impacted Products



  • VMware Workspace ONE UEM

2. Introduction



A vulnerability affecting Workspace ONE UEM endpoints was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Injection Vulnerability (CVE-2024-22260)

Description



Workspace ONE UEM endpoints contain an information exposure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

Known Attack Vectors



A malicious actor with network access to Workspace ONE UEM may be able to perform an attack resulting in an information exposure.

Resolution



To remediate CVE-2024-22260, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds



None.

Additional Documentation



None.

Notes



None.

Acknowledgements



VMware would like to thank Emre Durmaz and Nuri Yavuz of Company Trendyol for reporting this vulnerability to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| VMware Workspace ONE UEM | 23.10.x | Any | CVE-2024-22260 | | moderate | | None | None |
| VMware Workspace ONE UEM | 23.6.x | Any | CVE-2024-22260 | | moderate | | None | None |
| VMware Workspace ONE UEM | 23.2.x | Any | CVE-2024-22260 | | moderate | | None | None |
| VMware Workspace ONE UEM | 22.12.x | Any | CVE-2024-22260 | | moderate | | None | None |

4. References

5. Change Log



2024-06-27 OMSA-2024-0001
Initial security advisory.

6. Contact



E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.

Read full article (vmware.com)
