March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Active Cryptomining Worm
January 13, 2020Rewterz Threat Alert – Muddy Water Summer Mirage Campaign – IOC’s
January 13, 2020Rewterz Threat Alert – Active Cryptomining Worm
January 13, 2020Rewterz Threat Alert – Muddy Water Summer Mirage Campaign – IOC’s
January 13, 2020
Severity
Medium
Analysis Summary
VMware Workspace ONE SDK could allow a remote attacker to obtain sensitive information, caused by improper certificate verification. By using man-in-the-middle techniques a remote attacker could exploit this vulnerability to obtain sensitive data in transit if SSL Pinning is enabled.
Impact
Information disclosure
Affected Vendors
VMware
Affected Products
- Workspace ONE SDK
- Workspace ONE Boxer
- Workspace ONE Content
- Workspace ONE SDK Plugin for Apache Cordova
- Workspace ONE Intelligent Hub
- Workspace ONE Notebook
- Workspace ONE People
- Workspace ONE PIV-D
- Workspace ONE Web
- Workspace ONE SDK Plugin for Xamarin
Remediation
Please see vendor’s advisory for the list of patches available.
https://www.vmware.com/security/advisories/VMSA-2020-0001.html