diff --git a/CVE-20230-20900.patch b/CVE-20230-20900.patch
new file mode 100644
index 0000000..2a0fb08
--- /dev/null
+++ b/CVE-20230-20900.patch
@@ -0,0 +1,34 @@
+From eb4f36dfeb8b89443f7d5ade03316ba49a295eee Mon Sep 17 00:00:00 2001
+From: John Wolfe
+Date: Fri, 18 Aug 2023 11:23:53 -0700
+Subject: [PATCH] Address CVE-2023-20900
+
+VGAuth: Allow only X509 certs to verify the SAML token signature.
+
+---
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index f5541a9..0b2a945 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -1335,7 +1335,14 @@ VerifySignature(xmlDocPtr doc,
+ */
+ bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
+ if (bRet == FALSE) {
+- g_warning("failed to register ID\n");
++ g_warning("Failed to register ID\n");
++ goto done;
++ }
++
++ /* Use only X509 certs to validate the signature */
++ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
++ BAD_CAST xmlSecKeyDataX509Id) < 0) {
++ g_warning("Failed to limit allowed key data\n");
+ goto done;
+ }
+
+--
+2.6.2
+
diff --git a/open-vm-tools.changes b/open-vm-tools.changes
index 33e54a3..14199c6 100644
--- a/open-vm-tools.changes
+++ b/open-vm-tools.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Aug 28 15:10:27 UTC 2023 - Kirk Allan
+
+- Fix (bsc#1214566) - (CVE-2023-20900) - VUL-0: CVE-2023-20900:
+ open-vm-tools: SAML token signature bypass vulnerability
+ Add patch: CVE-20230-20900.patch
+
 -------------------------------------------------------------------
 Tue Jun 27 19:54:05 UTC 2023 - Dirk Müller
diff --git a/open-vm-tools.spec b/open-vm-tools.spec
index 893bf60..ef8ef7e 100644
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
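Review bot: Restricting `keyInfoReadCtx.enabledKeyData` to `xmlSecKeyDataX509Id` stops the verifier from taking a bare `<KeyValue>` that the SAML token itself carries, but the added lines do nothing about a token that embeds an attacker's own certificate in `<X509Data>`; whether that certificate is rejected depends on how the X509 key-data reader and the keys manager are configured, and neither is visible in this hunk. Before treating this as the complete fix, confirm that the read context is not configured to skip certificate verification and that an embedded cert is only accepted when it chains to the trusted store VGAuth loads into the keys manager, because otherwise a self-signed cert inside the token would still produce a "verified" signature. I would also make that dependency explicit in the new comment so the restriction is not mistaken for a sufficient check on its own: `/* Only X509 key data may supply the verification key; the cert it carries must still chain to a trusted cert in the keys manager, never be used as-is. */`. VerifySignature() begins before and ends after this hunk, so the code that builds dsigCtx and sets the key-info read flags is outside what is shown here.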
@@ -156,6 +156,7 @@ ExclusiveArch: %ix86 x86_64 aarch64
 Patch2: 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch
 Patch3: 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch
 Patch4: 2023-20867-Remove-some-dead-code.patch
+Patch5: CVE-20230-20900.patch
 #SUSE specific patches
 Patch0: pam-vmtoolsd.patch
@@ -261,6 +262,7 @@ sed -i -e "s/\r//" README
 %patch2 -p2
 %patch3 -p2
 %patch4 -p2
+%patch5 -p2
 #SUSE specific patches
 %patch0 -p2
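Review bot: The new `Patch5:` line references a file named `CVE-20230-20900.patch` while the advisory it carries (per the patch's own subject line) is CVE-2023-20900, so the identifier in the spec has an extra digit and will not match anyone grepping the package for that CVE. Since the file, the `.changes` entry and this spec line all use the misspelt name consistently the build will work, but it is worth renaming the file before this lands and changing the line to `Patch5: CVE-2023-20900.patch` (the `%patch5 -p2` line needs no change). The neighbouring `Patch4: 2023-20867-Remove-some-dead-code.patch` shows the naming in this spec is already inconsistent, so a short comment above the block stating the convention, e.g. `# Security patches are named CVE-YYYY-NNNNN.patch`, would help future entries.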