Vulnerability Monitor

CVE-2021-22003


VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.


Published

2021-08-31T22:15:08.367

Last Modified

2024-11-21T05:49:25.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-307

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | identity_manager | 3.3.2 | Yes |
| Application | vmware | identity_manager | 3.3.3 | Yes |
| Application | vmware | identity_manager | 3.3.4 | Yes |
| Application | vmware | identity_manager | 3.3.5 | Yes |
| Application | vmware | workspace_one_access | 20.01 | Yes |
| Application | vmware | workspace_one_access | 20.10 | Yes |
| Application | vmware | workspace_one_access | 20.10.01 | Yes |
| Operating System | linux | linux_kernel | - | No |
| Application | vmware | cloud_foundation | 4.0 | Yes |
| Application | vmware | cloud_foundation | 4.0.1 | Yes |
| Application | vmware | cloud_foundation | 4.1 | Yes |
| Application | vmware | cloud_foundation | 4.1.0.1 | Yes |
| Application | vmware | cloud_foundation | 4.2.1 | Yes |
| Application | vmware | vrealize_suite_lifecycle_manager | 8.0 | Yes |
| Application | vmware | vrealize_suite_lifecycle_manager | 8.0.1 | Yes |
| Application | vmware | vrealize_suite_lifecycle_manager | 8.1 | Yes |
| Application | vmware | vrealize_suite_lifecycle_manager | 8.2 | Yes |
