History: Oct 31, 2023 - 8:44 p.m.

CVE-2023-20886

2023-10-31 20:44:50
CWE-601
vmware
www.cve.org
vmware
workspace one
uem
open redirect
vulnerability
saml response
login
malicious actor

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.8
Confidence: High

EPSS: 0
Percentile: 14.2%

VMware Workspace ONE UEM console contains an open redirect vulnerability.

A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware Workspace ONE UEM Console",
    "vendor": "n/a",
    "versions": [
      {
        "status": "unaffected",
        "version": "Workspace ONE UEM 23.6.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 23.2.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.12.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.9.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.6.0.0"
      },
      {
        "status": "affected",
        "version": "Workspace ONE UEM 22.3.0.0"
      }
    ]
  }
]

