CVE-2023-20884

6.1 MEDIUM

Key Information

Vendor
VMware
Status
VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation)
CVE Published:
30 May 2023

Summary

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Due to improper path handling, an unauthenticated malicious actor may be able to redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure.

Affected Version(s)

VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation) = Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database