#VU72624 Improper Authentication in Workspace ONE Content for Android - CVE-2023-20857

Cybersecurity Help s.r.o.

Published: 2023-02-28

Vulnerability identifier: #VU72624

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20857

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Workspace ONE Content for Android
Mobile applications / Apps for mobile phones

Vendor: VMware, Inc

Description

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to an error in authentication process. A remote user can bypass a passcode authentication process and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Workspace ONE Content for Android: before 23.02

External links
https://www.vmware.com/security/advisories/VMSA-2023-0006.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Passcode bypass in VMware Workspace ONE Content for Android