CVE-2021-22057

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.8HIGH

EPSS

0.5%

top 34.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Workspace ONE Access

Timeline

PublishedDec 20

Latest updateDec 21

Description

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware_workspace_one_accessVMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10

▶NVDvmware/workspace_one_access4 versions+3

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-cvrp-6cg2-w64m: VMware Workspace ONE Access 21↗2021-12-21

▶

CVEList

CVE-2021-22057: VMware Workspace ONE Access 21↗2021-12-20

▶

📋Vendor Advisories

VMware

VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities (CVE-2021-22056, CVE-2021-22057)↗2021-12-17

▶