VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability
CVE-2023-20891

6.5MEDIUM

Key Information:

Vendor

Vmware
Status
Vmware Tanzu Application Service For Vms
Isolation Segment
Vendor
CVE Published:
26 July 2023

What is CVE-2023-20891?

The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Isolation segment Windows 4.0.x < 4.0.4

Isolation segment Windows 3.0.x < 3.0.13

Isolation segment Windows 2.13.x < 2.13.20

References

https://www.vmware.com/security/advisories/VMSA-2023-0016...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.