VMware releases patch for information disclosure flaw

Target Industry

Indiscriminate, opportunistic targeting.

Overview

VMware has released a patch for an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score: 6.5). The flaw affects VMware Tanzu Application Service for Virtual Machines (TAS for VMs) and Isolation Segment, features that allow enterprises to automatically deploy applications.

Impact

Successful exploitation of CVE-2023-20891 could allow a remote threat actor to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks. Threat actors who exploit this vulnerability can then utilise the stolen credentials to deploy malicious renditions of applications.

Vulnerability Detection

VMware has released a security update for this vulnerability. As such, previous versions are vulnerable to potential exploitation.

Affected Products

  • VMware Tanzu Application Service for VMs (TAS for VMs)
  • Isolation Segment

Containment, Mitigations & Remediations

It is strongly recommended that TAS for VMs users apply the relevant security update as soon as possible.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

VMware holds a significant share of the virtualisation market. Given that threat actors generally weigh probability of success against asset value when deciding which attack surfaces to focus on, VMware products have become a prime target. Because virtual machines have become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities in the associated products in an attempt to extract the sensitive information they contain.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Credential Access Technique

T1212 – Exploitation for Credential Access

Further Information

VMware Security Advisory
