CVE-2021-22155 — Improper Authentication in Workspaces Server

CWE-287 — Improper Authentication CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blackberry Workspaces Server

Timeline

PublishedMay 13

Latest updateMay 24

Description

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDblackberry/workspaces_server9.1+1

🔴Vulnerability Details

GHSA

GHSA-h557-xrrh-37xw: An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10↗2022-05-24

▶

CVEList

CVE-2021-22155: An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10↗2021-05-12

▶