CVE-2023-20856: CSRF
First published: Wed Feb 01 2023(Updated: )
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vmware Vrealize Operations | >=8.6.0<=8.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this VMware vRealize Operations vulnerability?
The vulnerability ID for this VMware vRealize Operations vulnerability is CVE-2023-20856.
What is the severity level of CVE-2023-20856?
The severity level of CVE-2023-20856 is high with a score of 8.8.
How does the CSRF bypass vulnerability in VMware vRealize Operations work?
The CSRF bypass vulnerability in VMware vRealize Operations allows a malicious user to execute actions on the platform on behalf of the authenticated victim user.
Which version of VMware vRealize Operations is affected by CVE-2023-20856?
CVE-2023-20856 affects VMware vRealize Operations version 8.6.0 to 8.6.4.
Where can I find more information about CVE-2023-20856?
You can find more information about CVE-2023-20856 on the official VMware security advisories page: https://www.vmware.com/security/advisories/VMSA-2023-0002.html
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware vrealize operations
- version/vmware vrealize operations/8.6.0
- version/vmware vrealize operations/8.6.4