Vulnerabilities > Vmware > Single Sign ON FOR Tanzu > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu 1.12.0/1.13.0 Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 7.9 |