CVE-2021-22003

CWE-3074 documents4 sources

Severity

7.5HIGH

EPSS

0.3%

top 49.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Identity Manager Vmware Vrealize Suite Lifecycle Manager +1 more

Timeline

PublishedAug 31

Latest updateMay 24

Description

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5vmware_workspace_one_access_and_identity_managerWorkspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2.

▶NVDvmware/workspace_one_access20.01, 20.10, 20.10.01+2

▶NVDvmware/identity_manager4 versions+3

▶NVDvmware/vrealize_suite_lifecycle_manager4 versions+3

▶NVDvmware/cloud_foundation5 versions+4

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-24wr-gx4f-pwrh: VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443↗2022-05-24

▶

CVEList

CVE-2021-22003: VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443↗2021-08-31

▶

📋Vendor Advisories

VMware

VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)↗2021-08-05

▶