VMware Workspace Flaw Let Attacker Redirect User to Malicious Source

An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886, which has a CVSS score of 8.8 and is classified as ‘Important’ in severity.

By using this vulnerability, an attacker could redirect a victim to a malicious website where their SAML response is intended to be stolen. 

The victim’s Workspace ONE UEM console would then be accessible to the attacker using the victim user’s login credentials.

“A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user,” VMware said in its advisory.

VMware Workspace ONE UEM is a unified endpoint management (UEM) solution that allows businesses to manage all of their devices, including wearables, laptops, desktop computers, tablets, and smartphones, from a single interface. 

It is an effective and adaptable UEM solution that may save expenses, simplify IT operations, and strengthen the security posture of enterprises.

VMware issued updates to fix this vulnerability in the affected products. D’Angelo Gonzalez from Crowdstrike reported this issue.

Affected Products

CVE-2023-20886 affects the following VMware Workspace ONE UEM versions:

  • Workspace ONE UEM 2302
  • Workspace ONE UEM 2212
  • Workspace ONE UEM 2209
  • Workspace ONE UEM 2206
  • Workspace ONE UEM 2203

Patches Released

The patched versions of Workspace ONE UEM are as follows:

  • Workspace ONE UEM 23.2.0.10
  • Workspace ONE UEM 22.12.0.20
  • Workspace ONE UEM 22.9.0.29
  • Workspace ONE UEM 22.6.0.36
  • Workspace ONE UEM 22.3.0.48

It is classified as “important” and poses a danger to the company using this solution since the attacker might obtain confidential corporate information and resources.

VMware thus advises Organisations to update as quickly as possible to a patched version.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.