VMwareVMSA-2023-0016VMware Tanzu Application Service for VMs and Isolation Segment updates address information disclosure vulnerability (CVE-2023-20891)
3. VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability (CVE-2023-20891)
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs .VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
References
docs.vmware.com/en/VMware-Tanzu-Application-Service/2.11/tas-for-vms/runtime-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/2.11/tas-for-vms/segment-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/2.13/tas-for-vms/runtime-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/2.13/tas-for-vms/segment-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/3.0/tas-for-vms/runtime-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/3.0/tas-for-vms/segment-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/4.0/tas-for-vms/runtime-rn.html
docs.vmware.com/en/VMware-Tanzu-Application-Service/4.0/tas-for-vms/segment-rn.html
network.pivotal.io/products/elastic-runtime#/releases/1342398
network.pivotal.io/products/elastic-runtime#/releases/1342399
network.pivotal.io/products/elastic-runtime#/releases/1342401
network.pivotal.io/products/elastic-runtime#/releases/1342404
network.pivotal.io/products/p-isolation-segment#/releases/1325965
network.pivotal.io/products/p-isolation-segment#/releases/1326008
network.pivotal.io/products/p-isolation-segment#/releases/1326013
network.pivotal.io/products/p-isolation-segment#/releases/1326016
Related
