{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-20899","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2022-11-01T15:41:50.396Z","datePublished":"2023-07-06T22:29:19.852Z","dateUpdated":"2024-11-14T20:51:48.993Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VMware SD-WAN (Edge)","vendor":"n/a","versions":[{"status":"affected","version":"VMware SD-WAN (Edge) 4.5.x, VMware SD-WAN (Edge) 5.x"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management."}],"value":"VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management."}],"problemTypes":[{"descriptions":[{"description":"Bypass Authentication","lang":"en"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2023-07-06T22:29:28.115Z"},"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0015.html"}],"source":{"advisory":"VMSA-2023-0015","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T09:21:33.379Z"},"title":"CVE Program Container","references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0015.html","tags":["x_transferred"]}]},{"affected":[{"vendor":"vmware","product":"sd-wan_edge","cpes":["cpe:2.3:h:vmware:sd-wan_edge:-:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"4.5.x","status":"affected"},{"version":"5.x","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-14T20:50:51.513829Z","id":"CVE-2023-20899","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-14T20:51:48.993Z"}}]}}