RHSA-2023:5313: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to perform guest operations.
Red Hat Security Data
Issued: 2023-09-20

Updated: 2023-09-20

RHSA-2023:5313 - Security Advisory

Synopsis

Important: open-vm-tools security update

Type/Severity

Security Advisory: Important

Topic

An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

  • open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64

Fixes

  • BZ - 2236542 - CVE-2023-20900 open-vm-tools: SAML token signature bypass

The same packages are listed for each of the following x86_64 products:

  • Red Hat Enterprise Linux for x86_64 9
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2
  • Red Hat Enterprise Linux Server - AUS 9.2
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM

  • open-vm-tools-12.1.5-1.el9_2.3.src.rpm

x86_64

  • open-vm-tools-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-debuginfo-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-debugsource-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-desktop-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-desktop-debuginfo-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-salt-minion-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-sdmp-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-sdmp-debuginfo-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-test-12.1.5-1.el9_2.3.x86_64.rpm
  • open-vm-tools-test-debuginfo-12.1.5-1.el9_2.3.x86_64.rpm

The same packages are listed for each of the following aarch64 products:

  • Red Hat Enterprise Linux for ARM 64 9
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2

SRPM

  • open-vm-tools-12.1.5-1.el9_2.3.src.rpm

aarch64

  • open-vm-tools-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-debuginfo-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-debugsource-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-desktop-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-desktop-debuginfo-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-sdmp-debuginfo-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-test-12.1.5-1.el9_2.3.aarch64.rpm
  • open-vm-tools-test-debuginfo-12.1.5-1.el9_2.3.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
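
To tell which hosts still run a build older than the fixed open-vm-tools-12.1.5-1.el9_2.3 listed above, the installed epoch, version and release have to be compared with rpm's segment rules rather than as plain strings. The sketch below is an added example, not Red Hat tooling: it assumes inventory lines of the form `<host> <name> <epoch> <version> <release>` (for instance collected with `rpm -q --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE}\n'` and prefixed with the host name), assumes epoch 0 for the fixed build, and treats `.el9_0` builds as belonging to the RHEL 9.0 Extended Update Support stream, which has its own advisory. The sample inventory is constructed.

```python
import re
from itertools import zip_longest

# Fixed build listed in this advisory; epoch 0 is an assumption.
FIXED_EVR = (0, "12.1.5", "1.el9_2.3")
# Assumption: .el9_0 builds belong to the RHEL 9.0 EUS stream (separate advisory).
OTHER_EL9_STREAMS = {"el9_0"}

# Constructed sample: "<host> <name> <epoch> <version> <release>" per line.
SAMPLE_INVENTORY = """
web01 open-vm-tools 0 12.1.5 1.el9_2.3
web02 open-vm-tools 0 12.1.5 1.el9_2.2
web02 open-vm-tools-desktop 0 12.1.5 1.el9_2.2
web03 open-vm-tools 0 12.1.5 1.el9
db01 open-vm-tools 0 12.2.5 3.el9_3
eus01 open-vm-tools 0 12.0.5 2.el9_0.4
old01 open-vm-tools 0 12.1.5 2.el8_8.3
"""

def _segments(s):
    # rpm compares runs of digits and runs of letters; other separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+|~", s)

def rpmvercmp(a, b):
    """Compare two version or release strings; -1, 0 or 1 (caret '^' not handled)."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if x == "~" or y == "~":        # a tilde sorts before anything, even end of string
            return -1 if x == "~" else 1
        if x is None or y is None:      # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
            continue                    # numerically equal, e.g. "01" vs "1"
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def assess(inventory):
    """Map host -> 'fixed', 'needs-update' or 'other-stream' for open-vm-tools."""
    status = {}
    for line in inventory.strip().splitlines():
        host, name, epoch, version, release = line.split()
        if name != "open-vm-tools":     # subpackages are built from the same source package
            continue
        dist = re.search(r"\.(el[0-9]+(?:_[0-9]+)?)", release)
        tag = dist.group(1) if dist else ""
        if not tag.startswith("el9") or tag in OTHER_EL9_STREAMS:
            status[host] = "other-stream"   # judge against that stream's own advisory
        elif evr_cmp((int(epoch), version, release), FIXED_EVR) >= 0:
            status[host] = "fixed"
        else:
            status[host] = "needs-update"
    return status

if __name__ == "__main__":
    for host, state in assess(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```

Hosts reported as `other-stream` are neither cleared nor flagged by this check; compare them with the fixed build named in the advisory for their own release stream.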

Related news

CVE-2023-43057: Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

Ubuntu Security Notice USN-6365-2

Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.

RHSA-2023:5312: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to perform gues...

Red Hat Security Advisory 2023-5213-01

Red Hat Security Advisory 2023-5213-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5216-01

Red Hat Security Advisory 2023-5216-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-5217-01

Red Hat Security Advisory 2023-5217-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

RHSA-2023:5218: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to perform gues...

RHSA-2023:5216: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-...

RHSA-2023:5213: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20900: An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. This issue may allow a malicious actor with man-in-the-middle (MITM) network positioning between a vCenter server and the virtual machine to bypass SAML token signature verification to pe...

Ubuntu Security Notice USN-6365-1

Ubuntu Security Notice 6365-1 - It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.

Debian Security Advisory 5943-1

Debian Linux Security Advisory 5943-1 - Two security issues have been discovered in the Open VMware Tools, which may result in a man-in-the-middle attack or authentication bypass.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A