Lucene search

K
oraclelinuxOracleLinuxELSA-2023-7277
HistoryNov 16, 2023 - 12:00 a.m.

open-vm-tools security update

2023-11-1600:00:00
linux.oracle.com
5
open-vm-tools
security update
saml token
signature bypass
vmware-user-suid-wrapper
vulnerability

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.9%

[12.2.5-3.0.1.2]

  • Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass.
  • Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.9%