{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-22260","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2024-01-08T18:43:15.943Z","datePublished":"2024-06-27T20:18:58.176Z","dateUpdated":"2025-03-19T17:17:41.489Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VMware Workspace One UEM","vendor":"N/A","versions":[{"status":"affected","version":"VMware Workspace One UEM 23.10.x, VMware Workspace One UEM 23.6.x, VMware Workspace One UEM 23.4.x, VMware Workspace One UEM 22.12.x"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nVMware Workspace One UEM update addresses an information exposure vulnerability. \nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure.\n\n\n\n"}],"value":"VMware Workspace One UEM update addresses an information exposure vulnerability. \nA malicious actor with network access to the Workspace One UEM may be \nable to perform an attack resulting in an information exposure."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Information exposure vulnerability","lang":"en"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2024-06-27T20:18:58.176Z"},"references":[{"url":"https://www.vmware.com/security/advisories/OMSA-2024-0001.html"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}],"affected":[{"vendor":"vmware","product":"workspace_one_uem","cpes":["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"23.10x","status":"affected"}]},{"vendor":"vmware","product":"workspace_one_uem","cpes":["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"23.6x","status":"affected"}]},{"vendor":"vmware","product":"workspace_one_uem","cpes":["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"23.4x","status":"affected"}]},{"vendor":"vmware","product":"workspace_one_uem","cpes":["cpe:2.3:a:vmware:workspace_one_uem:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"22.12x","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-28T14:48:16.804419Z","id":"CVE-2024-22260","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-19T17:17:41.489Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:43:33.664Z"},"title":"CVE Program Container","references":[{"url":"https://www.vmware.com/security/advisories/OMSA-2024-0001.html","tags":["x_transferred"]}]}]}}