VMware fixes bug exposing CF API admin credentials in audit logs


Due to credentials being logged and exposed via system audit logs, VMware Tanzu Application Service for VMs and Isolation Segment had an information exposure vulnerability that was addressed. Businesses may automate the deployment of apps across on-premises infrastructure and public and private clouds with the aid of TAS for VMs.

The security hole corrected by VMware today, CVE-2023-20891, would enable remote attackers with limited access to obtain admin credentials for the Cloud Foundry API on unpatched systems, enabling low-complexity attacks that don’t necessitate user interaction.

Read More…