{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22260", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:15.943Z", "datePublished": "2024-06-27T20:18:58.176Z", "dateUpdated": "2025-03-19T17:17:41.489Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware Workspace One UEM", "vendor": "N/A", "versions": [{"status": "affected", "version": "VMware Workspace One UEM 23.10.x, VMware Workspace One UEM 23.6.x, VMware Workspace One UEM 23.4.x, VMware Workspace One UEM 22.12.x"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nVMware Workspace One UEM update addresses an information exposure vulnerability. \nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure.\n\n\n\n"}], "value": "VMware Workspace One UEM update addresses an information exposure vulnerability.\u00a0\nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Information exposure vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-06-27T20:18:58.176Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "vmware", "product": "workspace_one_uem", "cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "23.10x", "status": "affected"}]}, {"vendor": "vmware", "product": "workspace_one_uem", "cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "23.6x", "status": "affected"}]}, {"vendor": "vmware", "product": "workspace_one_uem", "cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "23.4x", "status": "affected"}]}, {"vendor": "vmware", "product": "workspace_one_uem", "cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "22.12x", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T14:48:16.804419Z", "id": "CVE-2024-22260", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-19T17:17:41.489Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:33.664Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:33.664Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22260", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-28T14:48:16.804419Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "workspace_one_uem", "versions": [{"status": "affected", "version": "23.10x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "workspace_one_uem", "versions": [{"status": "affected", "version": "23.6x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "workspace_one_uem", "versions": [{"status": "affected", "version": "23.4x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "workspace_one_uem", "versions": [{"status": "affected", "version": "22.12x"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T14:51:23.333Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N/A", "product": "VMware Workspace One UEM", "versions": [{"status": "affected", "version": "VMware Workspace One UEM 23.10.x, VMware Workspace One UEM 23.6.x, VMware Workspace One UEM 23.4.x, VMware Workspace One UEM 22.12.x"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Workspace One UEM update addresses an information exposure vulnerability.\u00a0\nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure.", "supportingMedia": [{"type": "text/html", "value": "\nVMware Workspace One UEM update addresses an information exposure vulnerability. \nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information exposure vulnerability"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-06-27T20:18:58.176Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22260", "state": "PUBLISHED", "dateUpdated": "2025-03-19T17:17:41.489Z", "dateReserved": "2024-01-08T18:43:15.943Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-06-27T20:18:58.176Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workspace One UEM update addresses an information exposure vulnerability.\u00a0\nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure."}, {"lang": "es", "value": "La actualizaci\u00f3n de VMware Workspace One UEM soluciona una vulnerabilidad de exposici\u00f3n de informaci\u00f3n. Un actor malintencionado con acceso a la red de Workspace One UEM puede realizar un ataque que resulte en una exposici\u00f3n de la informaci\u00f3n."}], "id": "CVE-2024-22260", "lastModified": "2025-03-19T18:15:20.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-06-27T21:15:13.470", "references": [{"source": "security@vmware.com", "url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.vmware.com/security/advisories/OMSA-2024-0001.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}