CVE-2023-20884

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 41.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Workspace ONE AccessVmware Identity Manager
Timeline
PublishedMay 30
Latest updateJul 6

Description

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDvmware/workspace_one_access21.0.8.022.09.1.0
NVDvmware/identity_manager3.3.6, 3.3.7+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-mhgf-hv55-f778: VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability2023-07-06
CVEList
CVE-2023-20884: VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability2023-05-30

📋Vendor Advisories

1
VMware
VMware Workspace ONE Access and Identity Manager update addresses an Insecure Redirect Vulnerability. (CVE-2023-20884)2023-05-30
CVE-2023-20884 (MEDIUM CVSS 6.1) | VMware Workspace ONE Access and VMw | cvebase.io