{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T14:22:26.776","vulnerabilities":[{"cve":{"id":"CVE-2023-20891","sourceIdentifier":"security@vmware.com","published":"2023-07-26T06:15:10.637","lastModified":"2024-11-21T07:41:45.863","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:isolation_segment:*:*:*:*:*:*:*:*","versionStartIncluding":"2.11.0","versionEndExcluding":"2.11.35","matchCriteriaId":"8554D488-AB21-4A0B-AA10-CA81836B9335"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:isolation_segment:*:*:*:*:*:*:*:*","versionStartIncluding":"2.13.0","versionEndExcluding":"2.13.20","matchCriteriaId":"15933381-A637-47B0-920C-08ADC5C5B13F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:isolation_segment:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.13","matchCriteriaId":"13991ED6-82C2-40EE-A2BF-31442DA6CCBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:isolation_segment:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.4","matchCriteriaId":"BA407428-AA0E-4BBB-B324-FB03CE68264F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:tanzu_application_service_for_virtual_machines:*:*:*:*:*:*:*:*","versionStartIncluding":"2.11.0","versionEndExcluding":"2.11.42","matchCriteriaId":"D10A0D3F-4BEB-4374-851D-C51953921586"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:tanzu_application_service_for_virtual_machines:*:*:*:*:*:*:*:*","versionStartIncluding":"2.13.0","versionEndExcluding":"2.13.24","matchCriteriaId":"25CF5CBB-6CAE-4A7E-A782-6D9C7C8007CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:tanzu_application_service_for_virtual_machines:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.14","matchCriteriaId":"39F5A99C-2011-434C-9557-E5359ADED750"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:tanzu_application_service_for_virtual_machines:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5","matchCriteriaId":"82350216-D6EB-42C5-B44D-1227A58E760A"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0016.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2023-0016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}