8.8
CVE-2023-20886
- EPSS 0.36%
- Veröffentlicht 31.10.2023 21:15:08
- Zuletzt bearbeitet 21.11.2024 07:41:45
- Quelle security@vmware.com
- Teams Watchlist Login
- Unerledigt Login
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Workspace One Uem Version >= 22.3.0.2 < 22.3.0.48
VMware ≫ Workspace One Uem Version >= 22.6.0.1 < 22.6.0.36
VMware ≫ Workspace One Uem Version >= 22.9.0.1 < 22.9.0.29
VMware ≫ Workspace One Uem Version >= 22.12.0.1 < 22.12.0.20
VMware ≫ Workspace One Uem Version >= 23.2.0.1 < 23.2.0.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.55 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security@vmware.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.