Unrated severity · NVD Advisory · Published May 30, 2023 · Updated Jan 10, 2025

CVE-2023-20884

Description

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated attacker can redirect victims to an attacker-controlled domain via improper path handling in VMware Workspace ONE Access and Identity Manager, leading to sensitive information disclosure.

Vulnerability

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability (CVE-2023-20884) due to improper path handling. An unauthenticated attacker can exploit this by crafting a malicious URL that redirects a victim to an attacker-controlled domain. Affected versions include VMware Workspace ONE Access and VMware Identity Manager prior to the fixed versions listed in VMSA-2023-0011 [1].

Exploitation

An attacker with network access to the affected service can send a specially crafted link to a victim. No authentication is required. When the victim clicks the link, the improper path handling redirects them to an attacker-controlled domain. The attacker needs no special privileges, and the only user interaction required is the victim clicking the link [1].

Impact

Successful exploitation allows the attacker to redirect the victim to a malicious domain, potentially leading to sensitive information disclosure. This could include OAuth tokens, session cookies, or other credentials that the victim's browser may send to the attacker-controlled site. The impact is limited to information disclosure; no code execution or privilege escalation is achieved [1].

Mitigation

VMware has released updates to address this vulnerability as part of VMSA-2023-0011. Administrators should apply the latest patches to VMware Workspace ONE Access and VMware Identity Manager. No workarounds are available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the advisory date [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

1
