Insecure Redirect Vulnerability in VMware Workspace ONE Access and VMware Identity Manager
CVE-2023-20884
6.1 MEDIUM
Key Information:
- Vendor: VMware
- CVE Published: 30 May 2023
Summary
VMware Workspace ONE Access and VMware Identity Manager are susceptible to an insecure redirect vulnerability due to insufficient path validation. This flaw allows an unauthenticated adversary to redirect users to a malicious domain, potentially exposing sensitive information. By exploiting this vulnerability, attackers can manipulate legitimate user requests, leading to data leakage and other security concerns.
Affected Version(s)
VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware Cloud Foundation (Cloud Foundation): Workspace ONE Access 22.09.1.0, Workspace ONE Access 22.09.0.0, Workspace ONE Access 21.08.x, VMware Identity Manager 3.3.7, VMware Identity Manager 3.3.6
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved