VMSA-2023-0010

vmware logo header

Moderate


VMSA-2023-0010

4.3

2023-05-23

2023-05-23 (Initial Advisory)

CVE-2023-20868

NSX-T update addresses cross-site scripting vulnerability (CVE-2023-20868)

1. Impacted Products



  • NSX-T

2. Introduction



An XSS vulnerability in NSX-T was privately reported to VMware. Updates are available to address this vulnerability in affected VMware product.

3. NSX-T reflected XSS vulnerability (CVE-2023-20868)

Description



NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors



A remote attacker can inject HTML or JavaScript to redirect to malicious pages

Resolution



To remediate CVE-2023-20868 update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds



None

Additional Documentation



An NSX async patch has been made available for VCF customers. Please see knowledge base article 88287 for more information.

Notes



None

Acknowledgements



VMware would like to thank Faisal Patel of Nationwide Building Society for reporting this issue to us.

Response Matrix

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
NSX
4.x
Any
CVE-2023-20868
N/A
N/A

Unaffected
None
None
NSX-T
3.2.x
Any
CVE-2023-20868
None
None
NSX-T
3.1.x, 3.0.x
Any
CVE-2023-20868
N/A
N/A

Unaffected
None
None
Cloud Foundation (NSX-T)
4.5.x
Any
CVE-2023-20868
None
Cloud Foundation (NSX-T)
4.4.x, 4.3.x
Any
CVE-2023-20868
N/A
N/A

Unaffected
None
None

4. References

5. Change Log



2023-05-23 VMSA-2023-0010

Initial security advisory.

6. Contact



E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2023 VMware Inc. All rights reserved.
 

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Total
0
Shares
Leave a Reply
Previous Post
citrix logo header

Windows 10 VDI Resolution Changed to 1600 from 1920 after Waking up Dell Wyse from Sleep Mode

Next Post
citrix logo header

VMs Show Gray Screen When Booted Up With vGPU Attached

Related Posts