CVE-2023-20884

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published May 30, 2023

Updated: Jan 10, 2025

CWE ID 601

Summary

CVE-2023-20884 is a vulnerability affecting VMware Workspace ONE Access and VMware Identity Manager. An unauthenticated attacker can exploit this insecure redirect issue, which stems from improper path handling, to redirect victims to malicious domains. The potential outcome of this vulnerability is sensitive information disclosure. VMware has released patches to address this issue, and it is recommended that organizations install the updates promptly to mitigate the risk. Failure to do so may expose user data to potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

VMware Identity Manager Connector
Workspace ONE Access
VMware Identity Manager

Affected Vendors

VMware Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners