VMwareVMSA-2020-0019VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3975)
0.001 Low
EPSS
Percentile
22.9%
3a. Advisory Details
VMware App Volumes does not correctly validate user input when creating and editing applications or creating storage groups. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.5.
| CPE | Name | Operator | Version |
|---|---|---|---|
| app volumes | lt | 2.18.6 | |
| app volumes | lt | 2006 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3975
docs.vmware.com/en/VMware-App-Volumes/2.18.6/rn/VMware-App-Volumes-2186-Release-Notes.html
docs.vmware.com/en/VMware-App-Volumes/2006/rn/VMware-App-Volumes-4-version-2006.html
my.vmware.com/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_app_volumes/2_x
my.vmware.com/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_app_volumes/4_x
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Related
