Vulnerabilities > Vmware > Single Sign ON FOR Tanzu > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-31 CVE-2020-5425 Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu 1.12.0/1.13.0
Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions.
network
high complexity
vmware CWE-287
7.9