VMware Workspace ONE Flaw Lets Attackers Redirect Users to a Malicious Site
An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886. It has a CVSS score of 8.8 and is rated ‘Important’ in severity.
By exploiting this vulnerability, an attacker can redirect a victim to a malicious web page where the victim’s SAML response is captured.
The attacker could then access the victim’s Workspace ONE UEM console using the victim user’s login session.
“A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user,” VMware said in its advisory.
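The root cause here is an open redirect: a post-login return target that the application forwards to without checking it. The following validator is an added example (not code from the page, VMware or Workspace ONE) of the class of check that closes this hole in an SSO flow; the allowed host and URLs are constructed sample values, and the return-target parameter name on any real product is not assumed.

```python
from urllib.parse import urlsplit

# Hosts the application may send a browser back to after authentication.
# Constructed sample value; a real deployment would list its own console host.
ALLOWED_HOSTS = {"uem.example.com"}

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` keeps the browser on an allowed host.

    Rejects the usual open-redirect bypasses: absolute URLs to other hosts,
    protocol-relative URLs ("//evil.example"), backslash variants that
    browsers normalise to "//", userinfo tricks ("good.host@evil.example"),
    and non-http(s) schemes such as javascript:.
    """
    if not target:
        return False
    # Browsers treat a leading backslash like a forward slash; normalise first
    # so "/\evil.example" is judged as "//evil.example".
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # hostname drops userinfo and port, so "host@evil" compares as "evil".
        host = parts.hostname or ""
        return host.lower() in allowed_hosts
    # No scheme and no authority: accept only a plain site-relative path.
    return candidate.startswith("/") and not candidate.startswith("//")

def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return `target` if it passes validation, otherwise a safe local path."""
    return target if is_safe_redirect(target) else fallback
```

The same check belongs wherever a SAML service provider derives the post-login destination (for example from a RelayState value), and the fallback should be a fixed local path rather than any attacker-influenced string.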
VMware Workspace ONE UEM is a unified endpoint management (UEM) solution that allows companies to manage all of their devices, including wearables, laptops, desktop computers, tablets, and smartphones, from a single interface.
It is an efficient and adaptable UEM solution that can also reduce costs, simplify IT operations, and strengthen the security posture of enterprises.
VMware has issued updates to fix this vulnerability in the affected products. D’Angelo Gonzalez from CrowdStrike reported the issue.
Affected Products
CVE-2023-20886 affects the following VMware Workspace ONE UEM versions:
- Workspace ONE UEM 2302
- Workspace ONE UEM 2212
- Workspace ONE UEM 2209
- Workspace ONE UEM 2206
- Workspace ONE UEM 2203
Patches Released
The patched versions of Workspace ONE UEM are as follows:
- Workspace ONE UEM 23.2.0.10
- Workspace ONE UEM 22.12.0.20
- Workspace ONE UEM 22.9.0.29
- Workspace ONE UEM 22.6.0.36
- Workspace ONE UEM 22.3.0.48
The flaw is rated ‘Important’ and poses a risk to any organisation using this solution, since an attacker could gain access to confidential company information and resources.
VMware therefore advises organisations to update to a patched version as quickly as possible.
Source credit: cybersecuritynews.com