VMSA-2023-0006

Severity: Moderate
Advisory ID: VMSA-2023-0006
CVSSv3: 6.3
Issue Date: 2023-02-28
Updated On: 2023-02-28 (Initial Advisory)
CVE Identifier: CVE-2023-20857

VMware Workspace ONE Content update addresses a passcode bypass vulnerability (CVE-2023-20857)

1. Impacted Products



  • VMware Workspace ONE Content

2. Introduction



A passcode bypass vulnerability affecting VMware Workspace ONE Content was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

3. Passcode bypass vulnerability (CVE-2023-20857)

Description



VMware Workspace ONE Content contains a passcode bypass vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.3.

Known Attack Vectors



A malicious actor with access to a user's rooted device may be able to bypass the VMware Workspace ONE Content passcode.

Resolution



To remediate CVE-2023-20857, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds



None.

Additional Documentation



None.

Notes



None.

Acknowledgements



VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workspace ONE Content | Any | Android | CVE-2023-20857 | 6.3 | moderate | 23.02 | None | None |
| Workspace ONE Content | Any | iOS | CVE-2023-20857 | N/A | N/A | Unaffected | N/A | N/A |
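
One way to apply the response matrix to a device inventory, as an added example that is not part of the original advisory and not VMware's code. The inventory rows and column names are constructed, and comparing versions as dotted numbers is an assumption about how Workspace ONE Content versions are ordered.

```python
import csv
import io

FIXED_VERSION = (23, 2)  # "23.02", the Fixed Version for Android in the matrix

# Constructed sample inventory; column names are assumptions, not an MDM export format.
SAMPLE_INVENTORY = """device_id,platform,content_version,rooted
dev-001,Android,22.11,true
dev-002,Android,23.02,true
dev-003,Android,22.9.1,false
dev-004,iOS,22.11,false
dev-005,Android,,false
dev-006,android,23.1.0,true
"""


def parse_version(text):
    """Turn '22.11' or '23.02.0' into a tuple of ints; None if not parseable."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:   # so 23.02.0 equals 23.02
        nums.pop()
    return tuple(nums)


def triage(row):
    """Classify one inventory row against the advisory's response matrix."""
    if row["platform"].strip().lower() != "android":
        return "unaffected"            # iOS is listed as Unaffected
    version = parse_version(row["content_version"])
    if version is None:
        return "unknown-version"       # missing or malformed: check by hand
    if version >= FIXED_VERSION:
        return "fixed"
    # The known attack vector needs a rooted device, so those are updated first.
    rooted = row["rooted"].strip().lower() == "true"
    return "update-first" if rooted else "update"


def triage_inventory(csv_text):
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["device_id"]: triage(row) for row in reader}


if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(device, status)
```

Devices reported as `unknown-version` should be treated as not yet verified rather than as fixed.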

4. References

5. Change Log



2023-02-28: VMSA-2023-0006
Initial security advisory.

6. Contact



E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055 

VMware Security Advisories
https://www.vmware.com/security/advisories 

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html 

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html 

VMware Security & Compliance Blog
https://blogs.vmware.com/security 

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.
