Lucene search
HistoryOct 31, 2023 - 9:15 p.m.
CVE-2023-20886
vmware
workspace one uem
open redirect
saml response
login
vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
8.6
Confidence
High
EPSS
0
Percentile
14.2%
VMware Workspace ONE UEM console contains an open redirect vulnerability.
A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
Affected configurations
Node
vmwareworkspace_one_uemRange22.3.0.2–22.3.0.48
ORvmwareworkspace_one_uemRange22.6.0.1–22.6.0.36
ORvmwareworkspace_one_uemRange22.9.0.1–22.9.0.29
ORvmwareworkspace_one_uemRange22.12.0.1–22.12.0.20
ORvmwareworkspace_one_uemRange23.2.0.1–23.2.0.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | workspace_one_uem | * | cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:* |
Related
prion
prion
Open redirect
2023-10-31 21:15:00
nessus
nessus
VMware Workspace ONE UEM console Open Redirect (VMSA-2023-0025)
2023-12-06 00:00:00
vmware
vmware
cvelist
cvelist
CVE-2023-20886
2023-10-31 20:44:50
vulnrichment
vulnrichment
CVE-2023-20886
2023-10-31 20:44:50
cve
cve
CVE-2023-20886
2023-10-31 21:15:08
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
8.6
Confidence
High
EPSS
0
Percentile
14.2%
Related for NVD:CVE-2023-20886