VMSA-2023-0025

Advisory ID: VMSA-2023-0025
Severity: Important
CVSSv3 Range: 8.8
Issue Date: 2023-10-31
Updated On: 2023-10-31 (Initial Advisory)
CVE(s): CVE-2023-20886

Synopsis: VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)

1. Impacted Products

  • VMware Workspace ONE UEM console

2. Introduction

An open redirect vulnerability in VMware Workspace ONE UEM console was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. Advisory Details

Description

VMware Workspace ONE UEM console contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors

A malicious actor may be able to redirect a victim to an attacker-controlled destination, capture the victim's SAML response, and use it to log in as the victim user.
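The defensive counterpart to the vector above is a relying party that refuses to redirect anywhere but its own origin after login. The following is an added illustration, not VMware code: the console origin, the function name and the "return to" parameter it validates are assumptions, and the tricky inputs it rejects are constructed test values.

```python
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Assumed origin the console is served from (constructed value for the example).
TRUSTED_ORIGIN = "https://uem.example.com"


def safe_return_url(candidate: Optional[str], default: str = "/") -> str:
    """Reduce an untrusted post-login 'return to' value to an origin-relative path.

    The open-redirect pattern is `redirect(request.args["returnUrl"])`: the
    target is taken verbatim, so an absolute URL, a scheme-relative URL such as
    //evil.example, or a backslash variant the browser normalises sends the user
    (and whatever the login flow hands back) off-site. This check resolves the
    value against the trusted origin, requires scheme and host to match, and
    re-emits only a path plus query so the response never names a host at all.
    """
    if not candidate:
        return default
    candidate = candidate.strip()
    # Control characters could split headers or confuse downstream parsing.
    if any(ord(ch) < 0x20 for ch in candidate):
        return default
    # Browsers treat '\' as '/', so '/\evil.example' becomes '//evil.example'.
    # Normalise before parsing so the comparison sees what the browser sees.
    candidate = candidate.replace("\\", "/")
    # A non-http(s) scheme (javascript:, data:) survives urljoin unchanged and
    # fails the scheme comparison below.
    resolved = urlsplit(urljoin(TRUSTED_ORIGIN + "/", candidate))
    trusted = urlsplit(TRUSTED_ORIGIN)
    if resolved.scheme != trusted.scheme:
        return default
    if resolved.netloc.lower() != trusted.netloc.lower():
        return default
    # Collapse leading slashes so the result can never read as '//host/...'.
    path = "/" + resolved.path.lstrip("/")
    return path + ("?" + resolved.query if resolved.query else "")
```

Anything that fails the check falls back to the default landing page rather than raising, so a tampered parameter degrades to a harmless redirect.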

Resolution

To remediate CVE-2023-20886, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank D’Angelo Gonzalez of CrowdStrike for reporting this issue to us.

Response Matrix

Product           | Version | Running On | CVE Identifier | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documentation
------------------|---------|------------|----------------|--------|-----------|---------------|-------------|-------------------------
Workspace ONE UEM | 2306    | Any        | CVE-2023-20886 | N/A    | N/A       | Unaffected    | N/A         | N/A
Workspace ONE UEM | 2302    | Any        | CVE-2023-20886 | 8.8    | Important |               | None        | None
Workspace ONE UEM | 2212    | Any        | CVE-2023-20886 | 8.8    | Important |               | None        | None
Workspace ONE UEM | 2209    | Any        | CVE-2023-20886 | 8.8    | Important |               | None        | None
Workspace ONE UEM | 2206    | Any        | CVE-2023-20886 | 8.8    | Important |               | None        | None
Workspace ONE UEM | 2203    | Any        | CVE-2023-20886 | 8.8    | Important |               | None        | None

4. References

5. Change Log

2023-10-31: VMSA-2023-0025
Initial security advisory.

6. Contact

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2023 VMware Inc. All rights reserved.
