OMSA-2024-0001

• VMware Workspace ONE UEM

A vulnerability affecting Workspace ONE UEM endpoints was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

Workspace ONE UEM endpoints contain an information exposure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.

To remediate CVE-2024-22260 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

None.

None.

None.

VMware would like to thank Emre Durmaz and Nuri Yavuz of Company Trendyol for reporting this vulnerability to us.

Downloads and Documentation:

VMware Workspace ONE UEM – 23.10.0.13

https://resources.workspaceone.com/view/nzf369mf88y2m3nwfgp4

VMware Workspace ONE UEM – 23.6.0.30

https://resources.workspaceone.com/view/pcn963yp8l5vbkr85cyf

VMware Workspace ONE UEM – 23.2.0.46

https://resources.workspaceone.com/view/7nqwprpyyzf3brzwgvsy

VMware Workspace ONE UEM – 22.12.0.47

https://resources.workspaceone.com/view/blyxpgfw8m79yd8wm7dh

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22260

FIRST CVSSv3 Calculator:
CVE-2024-22260: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

2024-06-27 OMSA-2024-0001
Initial security advisory.

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.