PT-2020-3970 · VMware · VMware App Volumes

Published: 2020-08-20 · Updated: 2020-08-26 · CVE-2020-3975

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: VMware App Volumes versions 2.x prior to 2.18.6; VMware App Volumes 4 versions prior to 2006
Description: The issue is a stored cross-site scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups may be able to inject a malicious script, which is then executed by a victim's browser when the victim views the injected content. The underlying weakness is a failure to preserve web page structure, which allows a remote attacker to perform cross-site scripting attacks.
Recommendations: For VMware App Volumes 2.x prior to 2.18.6, update to version 2.18.6 or later. For VMware App Volumes 4 prior to 2006, update to version 2006 or later. As a temporary workaround, consider restricting access to create and edit applications or create storage groups to minimize the risk of exploitation.

Fix

XSS

Related Identifiers

BDU:2020-04364
CVE-2020-3975

Affected Products

VMware App Volumes