Vulnerability-Lookup

CVE-2023-20867 (GCVE-0-2023-20867)

Vulnerability from cvelistv5 – Published: 2023-06-13 16:47 – Updated: 2025-10-21 23:05

CISA KEV

Title

VMware Tools Authentication Bypass Vulnerability

Summary

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Severity

3.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-287 - Improper Authentication

Assigner

vmware

References

9 references

URL	Tags
https://www.vmware.com/security/advisories/VMSA-2…
https://security.netapp.com/advisory/ntap-2023072…
https://lists.debian.org/debian-lts-announce/2023…
https://www.debian.org/security/2023/dsa-5493
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
http://www.openwall.com/lists/oss-security/2023/10/16/2
http://www.openwall.com/lists/oss-security/2023/1…

Impacted products

1 product

Vendor	Product	Version
VMware	VMware Tools	Unaffected: 12.2.5

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: a4a5f309-3149-4b71-aa53-5e75cd8d6d6d

Vulnerability ID: CVE-2023-20867

Status: Confirmed

Status Updated: 2023-06-23 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-06-23

Asserted: 2023-06-23

Scope

Notes: KEV entry: VMware Tools Authentication Bypass Vulnerability | Affected: VMware / Tools | Description: VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2023-0013.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20867

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-287
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Tools
Due Date	2023-07-14
Date Added	2023-06-23
Vendorproject	VMware
Vulnerabilityname	VMware Tools Authentication Bypass Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-20867

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:21:33.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20867",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:00:03.914893Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-06-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:46.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-06-23T00:00:00.000Z",
            "value": "CVE-2023-20867 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "VMware Tools",
          "vendor": "VMware",
          "versions": [
            {
              "status": "unaffected",
              "version": "12.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
            }
          ],
          "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-16T17:06:26.274Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5493"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
        }
      ],
      "source": {
        "advisory": "VMSA-2023-0013",
        "discovery": "EXTERNAL"
      },
      "title": "VMware Tools Authentication Bypass Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2023-20867",
    "datePublished": "2023-06-13T16:47:21.689Z",
    "dateReserved": "2022-11-01T15:41:50.390Z",
    "dateUpdated": "2025-10-21T23:05:46.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-20867",
      "cwes": "[\"CWE-287\"]",
      "dateAdded": "2023-06-23",
      "dueDate": "2023-07-14",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-20867",
      "product": "Tools",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.",
      "vendorProject": "VMware",
      "vulnerabilityName": "VMware Tools Authentication Bypass Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-20867",
      "date": "2026-05-26",
      "epss": "0.02946",
      "percentile": "0.86626"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-07-14",
      "cisaExploitAdd": "2023-06-23",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "VMware Tools Authentication Bypass Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.3.0\", \"versionEndExcluding\": \"12.2.5\", \"matchCriteriaId\": \"7E0027C7-536C-42DC-A0FA-7215968B3E1B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.\"}, {\"lang\": \"es\", \"value\": \"Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la m\\u00e1quina virtual invitada.\"}]",
      "id": "CVE-2023-20867",
      "lastModified": "2024-11-21T07:41:43.433",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\", \"baseScore\": 3.9, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\", \"baseScore\": 3.9, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 2.7}]}",
      "published": "2023-06-13T17:15:14.070",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/11\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/2\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0001/\", \"source\": \"security@vmware.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5493\", \"source\": \"security@vmware.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20867\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2023-06-13T17:15:14.070\",\"lastModified\":\"2025-10-28T13:46:56.110\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.\"},{\"lang\":\"es\",\"value\":\"Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la m\u00e1quina virtual invitada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":2.7}]},\"cisaExploitAdd\":\"2023-06-23\",\"cisaActionDue\":\"2023-07-14\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"VMware Tools Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndExcluding\":\"12.2.5\",\"matchCriteriaId\":\"7E0027C7-536C-42DC-A0FA-7215968B3E1B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/16/11\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/16/2\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230725-0001/\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5493\",\"source\":\"security@vmware.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/16/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230725-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5493\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/11\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:21:33.524Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20867\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:00:03.914893Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-06-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-06-23T00:00:00.000Z\", \"value\": \"CVE-2023-20867 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:00:16.288Z\"}}], \"cna\": {\"title\": \"VMware Tools Authentication Bypass Vulnerability\", \"source\": {\"advisory\": \"VMSA-2023-0013\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"VMware Tools\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"12.2.5\"}], \"platforms\": [\"Windows\", \"Linux\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.vmware.com/security/advisories/VMSA-2023-0013.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230725-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5493\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/16/11\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2023-10-16T17:06:26.274Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-20867\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:46.160Z\", \"dateReserved\": \"2022-11-01T15:41:50.390Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2023-06-13T16:47:21.689Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0457

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans VMware Tools. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware Tools versions 10.3.x à 12.x antérieures à 12.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2023-0013 du 13 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Tools versions 10.3.x \u00e0 12.x ant\u00e9rieures \u00e0 12.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0457",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Tools. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware Tools",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0013 du 13 juin 2023",
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
    }
  ]
}

CERTFR-2023-AVI-0839

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0
IBM	N/A	IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64
IBM	N/A	IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité
IBM	QRadar	IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7047565 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049129 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047481 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049434 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047499 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047754 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049133 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047724 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049435 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2023-32697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
    },
    {
      "name": "CVE-2023-30991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2023-29256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2023-30431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-25147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-35012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
    },
    {
      "name": "CVE-2023-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2023-27869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-32342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2023-30446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-29007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2023-27868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2023-20867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
    },
    {
      "name": "CVE-2023-28709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2023-30445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2023-30447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
    },
    {
      "name": "CVE-2023-30442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2023-30441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2023-27867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
    },
    {
      "name": "CVE-2023-34396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-39976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2020-28491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2022-48339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
    },
    {
      "name": "CVE-2023-27558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2023-34981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34981"
    },
    {
      "name": "CVE-2023-30449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-30994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30994"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-25652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25652"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-23487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-40367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40367"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2023-34149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0839",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047565"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049434"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047499"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047754"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047724"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049435"
    }
  ]
}

CERTFR-2023-AVI-0457

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans VMware Tools. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware Tools versions 10.3.x à 12.x antérieures à 12.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2023-0013 du 13 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Tools versions 10.3.x \u00e0 12.x ant\u00e9rieures \u00e0 12.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0457",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Tools. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware Tools",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0013 du 13 juin 2023",
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
    }
  ]
}

CERTFR-2023-AVI-0839

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Order Management versions 10.0.x antérieures à 10.0.2309.0
IBM	N/A	IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 10.5.0.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 versions 11.1.4.x sans les derniers correctifs de sécurité
IBM	Db2	IBM Db2 REST versions 1.0.0.121-amd64 à 1.0.0.276-amd64 antérieures à 1.0.0.291-amd64
IBM	N/A	IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 antérieures à 4.7 Refresh 3
IBM	Db2	IBM Db2 versions 11.5.x sans les derniers correctifs de sécurité
IBM	QRadar	IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 UP6
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7047565 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049129 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047481 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049434 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047499 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047754 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049133 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7047724 du 06 octobre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7049435 du 10 octobre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Order Management versions 10.0.x ant\u00e9rieures \u00e0 10.0.2309.0",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.4.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 REST versions 1.0.0.121-amd64 \u00e0 1.0.0.276-amd64 ant\u00e9rieures \u00e0 1.0.0.291-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Warehouse on Cloud Pak for Data versions 3.5, 4.0, 4.5, 4.6, 4.7 ant\u00e9rieures \u00e0 4.7 Refresh 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2023-32697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
    },
    {
      "name": "CVE-2023-30991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2023-29256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29256"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2023-30431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-25147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-35012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35012"
    },
    {
      "name": "CVE-2023-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2023-27869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27869"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-32342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
    },
    {
      "name": "CVE-2023-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
    },
    {
      "name": "CVE-2023-30446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-29007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29007"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2023-27868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27868"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2023-20867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
    },
    {
      "name": "CVE-2023-28709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2023-30445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2023-30447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
    },
    {
      "name": "CVE-2023-30442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30442"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2023-30441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2023-27867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27867"
    },
    {
      "name": "CVE-2023-34396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-39976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2020-28491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2022-48339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48339"
    },
    {
      "name": "CVE-2023-27558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2023-34981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34981"
    },
    {
      "name": "CVE-2023-30449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-30994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30994"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-25652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25652"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-23487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23487"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-40367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40367"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2023-34149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0839",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047565 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047565"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049129 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047481 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049434 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049434"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047499 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047499"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047754 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047754"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049133 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7047724 du 06 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7047724"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7049435 du 10 octobre 2023",
      "url": "https://www.ibm.com/support/pages/node/7049435"
    }
  ]
}

alsa-2023:3948

Vulnerability from osv_almalinux

Published

2023-06-29 00:00

Modified

2023-07-14 10:41

Summary

Low: open-vm-tools security update

Details

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:3948	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-20867	REPORT
	https://bugzilla.redhat.com/2213087	REPORT
	https://errata.almalinux.org/9/ALSA-2023-3948.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "open-vm-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-1.el9_2.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "open-vm-tools-desktop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-1.el9_2.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "open-vm-tools-salt-minion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-1.el9_2.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "open-vm-tools-sdmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-1.el9_2.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "open-vm-tools-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-1.el9_2.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:3948",
  "modified": "2023-07-14T10:41:18Z",
  "published": "2023-06-29T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:3948"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-20867"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213087"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-3948.html"
    }
  ],
  "related": [
    "CVE-2023-20867"
  ],
  "summary": "Low: open-vm-tools security update"
}

alsa-2023:3949

Vulnerability from osv_almalinux

Published

2023-06-29 00:00

Modified

2023-07-14 10:46

Summary

Low: open-vm-tools security update

Details

Security Fix(es):

open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:3949	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-20867	REPORT
	https://bugzilla.redhat.com/2213087	REPORT
	https://errata.almalinux.org/8/ALSA-2023-3949.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "open-vm-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "open-vm-tools-desktop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "open-vm-tools-salt-minion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "open-vm-tools-sdmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.1.5-2.el8_8.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools: authentication bypass vulnerability in the vgauth module (CVE-2023-20867)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:3949",
  "modified": "2023-07-14T10:46:16Z",
  "published": "2023-06-29T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:3949"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-20867"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213087"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-3949.html"
    }
  ],
  "related": [
    "CVE-2023-20867"
  ],
  "summary": "Low: open-vm-tools security update"
}

FKIE_CVE-2023-20867

Vulnerability from fkie_nvd - Published: 2023-06-13 17:15 - Updated: 2025-10-28 13:46

CISA KEV

Severity

3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Summary

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

References

URL	Tags
security@vmware.com	http://www.openwall.com/lists/oss-security/2023/10/16/11	Mailing List, Patch
security@vmware.com	http://www.openwall.com/lists/oss-security/2023/10/16/2	Mailing List, Patch
security@vmware.com	https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html	Mailing List, Third Party Advisory
security@vmware.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/	Mailing List, Release Notes
security@vmware.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/	Mailing List, Release Notes
security@vmware.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/	Mailing List, Release Notes
security@vmware.com	https://security.netapp.com/advisory/ntap-20230725-0001/	Third Party Advisory
security@vmware.com	https://www.debian.org/security/2023/dsa-5493	Mailing List, Third Party Advisory
security@vmware.com	https://www.vmware.com/security/advisories/VMSA-2023-0013.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/10/16/11	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/10/16/2	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/	Mailing List, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/	Mailing List, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/	Mailing List, Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5493	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2023-0013.html	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867	US Government Resource

Impacted products

Vendor	Product	Version
vmware	tools	*
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
fedoraproject	fedora	37
fedoraproject	fedora	38
fedoraproject	fedora	39

JSON

To clipboard

{
  "cisaActionDue": "2023-07-14",
  "cisaExploitAdd": "2023-06-23",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Tools Authentication Bypass Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0027C7-536C-42DC-A0FA-7215968B3E1B",
              "versionEndExcluding": "12.2.5",
              "versionStartIncluding": "10.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
    },
    {
      "lang": "es",
      "value": "Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la m\u00e1quina virtual invitada."
    }
  ],
  "id": "CVE-2023-20867",
  "lastModified": "2025-10-28T13:46:56.110",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.9,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 2.7,
        "source": "security@vmware.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.9,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-13T17:15:14.070",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5493"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QM59-F7VH-3M2P

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2025-10-22 00:32

Details

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Severity

3.9 (Low)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-20867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T17:15:14Z",
    "severity": "LOW"
  },
  "details": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.",
  "id": "GHSA-qm59-f7vh-3m2p",
  "modified": "2025-10-22T00:32:44Z",
  "published": "2023-06-13T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20867"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230725-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5493"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-20867

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Aliases

CVE-2023-20867

Aliases

CVE-2023-20867

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-20867",
    "id": "GSD-2023-20867"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-20867"
      ],
      "details": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.",
      "id": "GSD-2023-20867",
      "modified": "2023-12-13T01:20:29.348899Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "ID": "CVE-2023-20867",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VMware Tools",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "12.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "VMware"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-287",
                "lang": "eng",
                "value": "CWE-287 Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html",
            "refsource": "MISC",
            "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230725-0001/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
          },
          {
            "name": "https://www.debian.org/security/2023/dsa-5493",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2023/dsa-5493"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/10/16/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/10/16/11",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
          }
        ]
      },
      "source": {
        "advisory": "VMSA-2023-0013",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.2.5",
                "versionStartIncluding": "10.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2023-20867"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230725-0001/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
            },
            {
              "name": "https://www.debian.org/security/2023/dsa-5493",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.debian.org/security/2023/dsa-5493"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/10/16/2",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/10/16/11",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-10-16T18:15Z",
      "publishedDate": "2023-06-13T17:15Z"
    }
  }
}

OPENSUSE-SU-2024:13022-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libvmtools-devel-12.2.0-4.1 on GA media

Severity

Moderate

Notes

Title of the patch: libvmtools-devel-12.2.0-4.1 on GA media

Description of the patch: These are all security issues fixed in the libvmtools-devel-12.2.0-4.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13022

CVE-2023-20867

3.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.x86_64	—	Vendor Fix

Threats

Impact low

References

6 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-20867/	self
https://www.suse.com/security/cve/CVE-2023-20867	external
https://bugzilla.suse.com/1212143	external
https://bugzilla.suse.com/1214402	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libvmtools-devel-12.2.0-4.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libvmtools-devel-12.2.0-4.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13022",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13022-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20867 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20867/"
      }
    ],
    "title": "libvmtools-devel-12.2.0-4.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13022-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvmtools-devel-12.2.0-4.1.aarch64",
                "product": {
                  "name": "libvmtools-devel-12.2.0-4.1.aarch64",
                  "product_id": "libvmtools-devel-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libvmtools0-12.2.0-4.1.aarch64",
                "product": {
                  "name": "libvmtools0-12.2.0-4.1.aarch64",
                  "product_id": "libvmtools0-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-12.2.0-4.1.aarch64",
                "product": {
                  "name": "open-vm-tools-12.2.0-4.1.aarch64",
                  "product_id": "open-vm-tools-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
                "product": {
                  "name": "open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
                  "product_id": "open-vm-tools-containerinfo-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-desktop-12.2.0-4.1.aarch64",
                "product": {
                  "name": "open-vm-tools-desktop-12.2.0-4.1.aarch64",
                  "product_id": "open-vm-tools-desktop-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
                "product": {
                  "name": "open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
                  "product_id": "open-vm-tools-salt-minion-12.2.0-4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-sdmp-12.2.0-4.1.aarch64",
                "product": {
                  "name": "open-vm-tools-sdmp-12.2.0-4.1.aarch64",
                  "product_id": "open-vm-tools-sdmp-12.2.0-4.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvmtools-devel-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "libvmtools-devel-12.2.0-4.1.ppc64le",
                  "product_id": "libvmtools-devel-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libvmtools0-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "libvmtools0-12.2.0-4.1.ppc64le",
                  "product_id": "libvmtools0-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "open-vm-tools-12.2.0-4.1.ppc64le",
                  "product_id": "open-vm-tools-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
                  "product_id": "open-vm-tools-containerinfo-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-desktop-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "open-vm-tools-desktop-12.2.0-4.1.ppc64le",
                  "product_id": "open-vm-tools-desktop-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
                  "product_id": "open-vm-tools-salt-minion-12.2.0-4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
                "product": {
                  "name": "open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
                  "product_id": "open-vm-tools-sdmp-12.2.0-4.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvmtools-devel-12.2.0-4.1.s390x",
                "product": {
                  "name": "libvmtools-devel-12.2.0-4.1.s390x",
                  "product_id": "libvmtools-devel-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libvmtools0-12.2.0-4.1.s390x",
                "product": {
                  "name": "libvmtools0-12.2.0-4.1.s390x",
                  "product_id": "libvmtools0-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-12.2.0-4.1.s390x",
                "product": {
                  "name": "open-vm-tools-12.2.0-4.1.s390x",
                  "product_id": "open-vm-tools-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-containerinfo-12.2.0-4.1.s390x",
                "product": {
                  "name": "open-vm-tools-containerinfo-12.2.0-4.1.s390x",
                  "product_id": "open-vm-tools-containerinfo-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-desktop-12.2.0-4.1.s390x",
                "product": {
                  "name": "open-vm-tools-desktop-12.2.0-4.1.s390x",
                  "product_id": "open-vm-tools-desktop-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-salt-minion-12.2.0-4.1.s390x",
                "product": {
                  "name": "open-vm-tools-salt-minion-12.2.0-4.1.s390x",
                  "product_id": "open-vm-tools-salt-minion-12.2.0-4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-sdmp-12.2.0-4.1.s390x",
                "product": {
                  "name": "open-vm-tools-sdmp-12.2.0-4.1.s390x",
                  "product_id": "open-vm-tools-sdmp-12.2.0-4.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvmtools-devel-12.2.0-4.1.x86_64",
                "product": {
                  "name": "libvmtools-devel-12.2.0-4.1.x86_64",
                  "product_id": "libvmtools-devel-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvmtools0-12.2.0-4.1.x86_64",
                "product": {
                  "name": "libvmtools0-12.2.0-4.1.x86_64",
                  "product_id": "libvmtools0-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-12.2.0-4.1.x86_64",
                "product": {
                  "name": "open-vm-tools-12.2.0-4.1.x86_64",
                  "product_id": "open-vm-tools-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
                "product": {
                  "name": "open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
                  "product_id": "open-vm-tools-containerinfo-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-desktop-12.2.0-4.1.x86_64",
                "product": {
                  "name": "open-vm-tools-desktop-12.2.0-4.1.x86_64",
                  "product_id": "open-vm-tools-desktop-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
                "product": {
                  "name": "open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
                  "product_id": "open-vm-tools-salt-minion-12.2.0-4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "open-vm-tools-sdmp-12.2.0-4.1.x86_64",
                "product": {
                  "name": "open-vm-tools-sdmp-12.2.0-4.1.x86_64",
                  "product_id": "open-vm-tools-sdmp-12.2.0-4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools-devel-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.aarch64"
        },
        "product_reference": "libvmtools-devel-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools-devel-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.ppc64le"
        },
        "product_reference": "libvmtools-devel-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools-devel-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.s390x"
        },
        "product_reference": "libvmtools-devel-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools-devel-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.x86_64"
        },
        "product_reference": "libvmtools-devel-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools0-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.aarch64"
        },
        "product_reference": "libvmtools0-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools0-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.ppc64le"
        },
        "product_reference": "libvmtools0-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools0-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.s390x"
        },
        "product_reference": "libvmtools0-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvmtools0-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.x86_64"
        },
        "product_reference": "libvmtools0-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.aarch64"
        },
        "product_reference": "open-vm-tools-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.ppc64le"
        },
        "product_reference": "open-vm-tools-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.s390x"
        },
        "product_reference": "open-vm-tools-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.x86_64"
        },
        "product_reference": "open-vm-tools-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-containerinfo-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.aarch64"
        },
        "product_reference": "open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-containerinfo-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.ppc64le"
        },
        "product_reference": "open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-containerinfo-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.s390x"
        },
        "product_reference": "open-vm-tools-containerinfo-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-containerinfo-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.x86_64"
        },
        "product_reference": "open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-desktop-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.aarch64"
        },
        "product_reference": "open-vm-tools-desktop-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-desktop-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.ppc64le"
        },
        "product_reference": "open-vm-tools-desktop-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-desktop-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.s390x"
        },
        "product_reference": "open-vm-tools-desktop-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-desktop-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.x86_64"
        },
        "product_reference": "open-vm-tools-desktop-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-salt-minion-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.aarch64"
        },
        "product_reference": "open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-salt-minion-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.ppc64le"
        },
        "product_reference": "open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-salt-minion-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.s390x"
        },
        "product_reference": "open-vm-tools-salt-minion-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-salt-minion-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.x86_64"
        },
        "product_reference": "open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-sdmp-12.2.0-4.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.aarch64"
        },
        "product_reference": "open-vm-tools-sdmp-12.2.0-4.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-sdmp-12.2.0-4.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.ppc64le"
        },
        "product_reference": "open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-sdmp-12.2.0-4.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.s390x"
        },
        "product_reference": "open-vm-tools-sdmp-12.2.0-4.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "open-vm-tools-sdmp-12.2.0-4.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.x86_64"
        },
        "product_reference": "open-vm-tools-sdmp-12.2.0-4.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-20867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
          "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.aarch64",
          "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
          "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.s390x",
          "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20867",
          "url": "https://www.suse.com/security/cve/CVE-2023-20867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212143 for CVE-2023-20867",
          "url": "https://bugzilla.suse.com/1212143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214402 for CVE-2023-20867",
          "url": "https://bugzilla.suse.com/1214402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:libvmtools-devel-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:libvmtools0-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-containerinfo-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-desktop-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-salt-minion-12.2.0-4.1.x86_64",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.aarch64",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.ppc64le",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.s390x",
            "openSUSE Tumbleweed:open-vm-tools-sdmp-12.2.0-4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-20867"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-20867 (GCVE-0-2023-20867)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature