- 121/2023
- Medium
VMware has released security updates to fix multiple vulnerabilities across multiple Vmware products.
The addressed vulnerabilities could allow the remote attacker to perform cross-site scripting attacks, or disclose sensitive information from the affected products using a specially crafted URL to redirect the victim to the attacker-controlled domain.
Sample of the addressed vulnerabilities:
VMware Insecure Redirect Vulnerability (CVE-2023-20884):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Information Disclosure
Affected Products:
- VMware Workspace ONE Access (Access).
- VMware Identity Manager (vIDM).
- VMware Cloud Foundation (Cloud Foundation).
- VMware NSX-T.
Vulnerabilities
- CVE-2023-20884
- CVE-2023-20868
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.