Main Vulnerability Database SB2020111701

SB2020111701 - Information disclosure in VMware Tanzu Application Service for VMs

Published: November 17, 2020

Security Bulletin ID SB2020111701

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-5417)

The vulnerability allows a remote attacker to compromise the sysem.

The vulnerability exists when the affected software is used in a deployment where an app domain is also the system domain. A remote authenticated attacker can claim certain sensitive routes, potentially resulting in the developer’s app handling some requests that were expected to go to certain system components.

Remediation

Install update from vendor's website.

References

https://tanzu.vmware.com/security/cve-2020-5417