CVE-2023-20891
VMware Tanzu Application Service for VMs and Isolation Segment information disclosure vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.
SSVC
- Decision: Track
Timeline
- 2022-11-01 CVE Reserved
- 2023-07-26 CVE Published
- 2024-10-21 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-532: Insertion of Sensitive Information into Log File
References (1)
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2023-0016.html | 2023-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Isolation Segment | >= 2.11.0 < 2.11.35 | - | Affected |
Vmware | Isolation Segment | >= 2.13.0 < 2.13.20 | - | Affected |
Vmware | Isolation Segment | >= 3.0.0 < 3.0.13 | - | Affected |
Vmware | Isolation Segment | >= 4.0.0 < 4.0.4 | - | Affected |
Vmware | Tanzu Application Service For Virtual Machines | >= 2.11.0 < 2.11.42 | - | Affected |
Vmware | Tanzu Application Service For Virtual Machines | >= 2.13.0 < 2.13.24 | - | Affected |
Vmware | Tanzu Application Service For Virtual Machines | >= 3.0.0 < 3.0.14 | - | Affected |
Vmware | Tanzu Application Service For Virtual Machines | >= 4.0.0 < 4.0.5 | - | Affected |