Vulnerability Details CVE-2023-20884
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-20884
-
cpe:2.3:a:vmware:cloud_foundation:-
-
cpe:2.3:a:vmware:identity_manager:3.3.6
-
cpe:2.3:a:vmware:identity_manager:3.3.7
-
cpe:2.3:a:vmware:identity_manager_connector:19.03.0.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.1
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.2
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.3
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.4
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.5
-
cpe:2.3:a:vmware:identity_manager_connector:3.3.6
-
cpe:2.3:a:vmware:workspace_one_access:21.08
-
cpe:2.3:a:vmware:workspace_one_access:21.08.0.0
-
cpe:2.3:a:vmware:workspace_one_access:21.08.0.1
-
cpe:2.3:a:vmware:workspace_one_access:21.08.01
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-