Hand-Picked Top-Read Stories

Policy data may be lost when a CVAD site is upgraded from an older version to 2311 or 2402

16 views

Seamless Flags Configuration for Epic Hyperspace

17 views

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549

44 views

Trending Tags

VMware Virtualisation

394 views

2 minute read

VMSA-2023-0010

24 May 2023

Moderate

Advisory ID:
VMSA-2023-0010

CVSSv3 Range:
4.3

Issue Date:
2023-05-23

Updated On:
2023-05-23 (Initial Advisory)

CVE(s):
CVE-2023-20868

Synopsis:
NSX-T update addresses cross-site scripting vulnerability (CVE-2023-20868)

1. Impacted Products

NSX-T

2. Introduction

An XSS vulnerability in NSX-T was privately reported to VMware. Updates are available to address this vulnerability in affected VMware product.

3. NSX-T reflected XSS vulnerability (CVE-2023-20868)

Description

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors

A remote attacker can inject HTML or JavaScript to redirect to malicious pages

Resolution

To remediate CVE-2023-20868 update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None

Additional Documentation

An NSX async patch has been made available for VCF customers. Please see knowledge base article 88287 for more information.

Notes

None

Acknowledgements

VMware would like to thank Faisal Patel of Nationwide Building Society for reporting this issue to us.

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
NSX	4.x	Any	CVE-2023-20868	N/A	N/A	Unaffected	None	None
NSX-T	3.2.x	Any	CVE-2023-20868	4.3	moderate	3.2.3	None	None
NSX-T	3.1.x, 3.0.x	Any	CVE-2023-20868	N/A	N/A	Unaffected	None	None
Cloud Foundation (NSX-T)	4.5.x	Any	CVE-2023-20868	4.3	moderate	NSX-T 3.2.3	None	KB88287
Cloud Foundation (NSX-T)	4.4.x, 4.3.x	Any	CVE-2023-20868	N/A	N/A	Unaffected	None	None

4. References

Fixed Version(s) and Release Notes:

NSX-T 3.2.3 Release Notes

Downloads and Documentation:

https://docs.vmware.com/en/VMware-NSX/3.2.3/rn/vmware-nsxt-data-center-323-release-notes/index.html

https://customerconnect.vmware.com/downloads/info/slug/networking_security/vmware_nsx_t_data_center/3_x

https://kb.vmware.com/s/article/88287

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20868

FIRST CVSSv3 Calculator:
CVE-2023-20868: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5. Change Log

2023-05-23 VMSA-2023-0010

Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com

bugtraq@securityfocus.com

fulldisclosure@seclists.org

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

VMware Security Advisories

https://www.vmware.com/security/advisories

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog

https://blogs.vmware.com/security

Twitter

https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.

Read full article (vmware.com)

All content and images belong to their respected owners, this article is curated for informational purposes only.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Previous Post

Citrix

Windows 10 VDI Resolution Changed to 1600 from 1920 after Waking up Dell Wyse from Sleep Mode

23 May 2023

Next Post

Citrix

VMs Show Gray Screen When Booted Up With vGPU Attached

24 May 2023