CVE-2023-20886

2023-10-3121:15:08

CWE-601

vmware

web.nvd.nist.gov

vmware

workspace one

uem

console

open redirect

vulnerability

cve-2023-20886

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

Percentile

14.2%

JSON

VMware Workspace ONE UEM console contains an open redirect vulnerability.

A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

Affected configurations

Nvd

Node

vmwareworkspace_one_uemRange22.3.0.2–22.3.0.48

vmwareworkspace_one_uemRange22.6.0.1–22.6.0.36

vmwareworkspace_one_uemRange22.9.0.1–22.9.0.29

vmwareworkspace_one_uemRange22.12.0.1–22.12.0.20

vmwareworkspace_one_uemRange23.2.0.1–23.2.0.10

VendorProductVersionCPE
vmwareworkspace_one_uem*cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	workspace_one_uem	*	cpe:2.3:a:vmware:workspace_one_uem::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware Workspace ONE UEM Console",
    "vendor": "n/a",
    "versions": [
      {
        "status": "unaffected",
        "version": "Workspace ONE UEM 23.6.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 23.2.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.12.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.9.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.6.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.3.0.0"
      }
    ]
  }
]