Severity
High
Analysis Summary
CVE-2023-20886
VMware Workspace ONE UEM could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites to retrieve the SAML response to login as the victim user.
Impact
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-20886
Affected Vendors
VMware
Affected Products
- VMware Workspace ONE UEM Console 2203
- VMware Workspace ONE UEM Console 2206
- VMware Workspace ONE UEM Console 2209
- VMware Workspace ONE UEM Console 2212
- VMware Workspace ONE UEM Console 2302
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.