As we rely increasingly on virtual workspaces and cloud-based solutions, it is imperative that we stay ahead of emerging threats targeting these technologies. The recent discovery of a vulnerability within VMware Workspace has sent shockwaves through the industry, shedding light on how seemingly innocuous flaws can expose us to significant risks online. By exploiting this flaw, hackers gain the ability to redirect users towards malicious websites or sources without their knowledge or consent. This incident underscores the necessity for robust security protocols and continuous monitoring in order to mitigate potential attacks in our ever-evolving digital landscape.

VMware Workspace Flaw Let Attacker Redirect User to Malicious Source

An open redirect vulnerability in the VMware Workspace ONE UEM console has been identified as CVE-2023-20886, which has a CVSS score of 8.8 and is classified as ‘Important’ in severity. By using this vulnerability, an attacker could redirect a victim to a malicious website where their SAML response is intended to be stolen.  The victim’s Workspace ONE UEM console would then be accessible to the attacker using the victim user’s login credentials.

“A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user,” VMware said in its advisory. VMware Workspace ONE UEM is a unified endpoint management (UEM) solution that allows businesses to manage all of their devices, including wearables, laptops, desktop computers, tablets, and smartphones, from a single interface. 

It is an effective and adaptable UEM solution that may save expenses, simplify IT operations, and strengthen the security posture of enterprises. VMware issued updates to fix this vulnerability in the affected products. D’Angelo Gonzalez from Crowdstrike reported this issue.

Affected Products :

CVE-2023-20886 affects the following VMware Workspace ONE UEM versions:

  • Workspace ONE UEM 2302
  • Workspace ONE UEM 2212
  • Workspace ONE UEM 2209
  • Workspace ONE UEM 2206
  • Workspace ONE UEM 2203

Patches Released :

The patched versions of Workspace ONE UEM are as follows:

  • Workspace ONE UEM
  • Workspace ONE UEM
  • Workspace ONE UEM
  • Workspace ONE UEM
  • Workspace ONE UEM

It is classified as “important” and poses a danger to the company using this solution since the attacker might obtain confidential corporate information and resources. VMware thus advises Organisations to update as quickly as possible to a patched version.


The recently discovered flaw in VMware Workspace poses a significant security risk for users. This vulnerability allows attackers to redirect unsuspecting users to malicious sources, putting their sensitive data and systems at risk. It is crucial for organizations and individuals using VMware Workspace to promptly apply the available patches and updates to mitigate this threat. Additionally, implementing other security measures such as multi-factor authentication and educating users about phishing attacks can further enhance protection against potential exploits. By taking these necessary precautions, we can safeguard our digital environments and ensure the integrity of our data. Stay vigilant, stay secure.

Leave a Comment

Your email address will not be published. Required fields are marked *