CVE-2023-20886 - OpenCVE

VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Workspace One Uem

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workspace_one_uem::::::::
	cpe:2.3:a:vmware:workspace_one_uem::::::::
	cpe:2.3:a:vmware:workspace_one_uem::::::::
	cpe:2.3:a:vmware:workspace_one_uem::::::::
	cpe:2.3:a:vmware:workspace_one_uem::::::::

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2023-0025.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2023-10-31T20:44:50.773Z

Updated: 2023-10-31T20:44:50.773Z

Reserved: 2022-11-01T15:41:50.394Z

Link: CVE-2023-20886

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-31T21:15:08.440

Modified: 2023-11-08T18:17:38.787

Link: CVE-2023-20886

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-20886", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2022-11-01T15:41:50.394Z", "datePublished": "2023-10-31T20:44:50.773Z", "dateUpdated": "2023-10-31T20:44:50.773Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware Workspace ONE UEM Console", "vendor": "n/a", "versions": [{"status": "unaffected", "version": "Workspace ONE UEM 23.6.0.0"}, {"status": "affected", "version": "Workspace ONE UEM 23.2.0.0"}, {"status": "affected", "version": "Workspace ONE UEM 22.12.0.0"}, {"status": "affected", "version": "Workspace ONE UEM 22.9.0.0"}, {"status": "affected", "version": "Workspace ONE UEM 22.6.0.0"}, {"status": "affected", "version": "Workspace ONE UEM 22.3.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nVMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n"}], "value": "VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-10-31T20:44:50.773Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2023-0025.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*", "matchCriteriaId": "36749A31-1864-45A1-944A-1187FC302985", "versionEndExcluding": "22.3.0.48", "versionStartIncluding": "22.3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6939CED-5A78-4308-98F5-5C7E0C96ECDA", "versionEndExcluding": "22.6.0.36", "versionStartIncluding": "22.6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A73DA2F-EAF9-4004-B27D-69C8C88583C4", "versionEndExcluding": "22.9.0.29", "versionStartIncluding": "22.9.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4ACC19B-34E5-4E52-B0B5-213A3800AAC7", "versionEndExcluding": "22.12.0.20", "versionStartIncluding": "22.12.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*", "matchCriteriaId": "01B5BE21-D245-4FBE-8A4B-325C398A1A23", "versionEndExcluding": "23.2.0.10", "versionStartIncluding": "23.2.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VMware Workspace ONE UEM console contains an open redirect vulnerability.\n\n\nA malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.\n\n"}, {"lang": "es", "value": "La consola VMware Workspace ONE UEM contiene una vulnerabilidad de redireccionamiento abierto. Un actor malintencionado puede redirigir a una v\u00edctima hacia un atacante y recuperar su respuesta SAML para iniciar sesi\u00f3n como el usuario v\u00edctima."}], "id": "CVE-2023-20886", "lastModified": "2023-11-08T18:17:38.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2023-10-31T21:15:08.440", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0025.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@vmware.com", "type": "Secondary"}]}