Lucene search

[email protected]CVE-2021-22003

HistoryAug 31, 2021 - 10:15 p.m.

CVE-2021-22003

2021-08-3122:15:08

CWE-307

[email protected]

web.nvd.nist.gov

cve-2021-22003

vmware

workspace one access

identity manager

port 7443

security vulnerability

user enumeration

brute force

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.6%

JSON

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Affected configurations

NVD

Node

linuxlinux_kernelMatch-

AND

vmwareidentity_managerMatch3.3.2

vmwareidentity_managerMatch3.3.3

vmwareidentity_managerMatch3.3.4

vmwareidentity_managerMatch3.3.5

vmwareworkspace_one_accessMatch20.01

vmwareworkspace_one_accessMatch20.10

vmwareworkspace_one_accessMatch20.10.01

Node

vmwarecloud_foundationMatch4.0

vmwarecloud_foundationMatch4.0.1

vmwarecloud_foundationMatch4.1

vmwarecloud_foundationMatch4.1.0.1

vmwarecloud_foundationMatch4.2.1

vmwarevrealize_suite_lifecycle_managerMatch8.0

vmwarevrealize_suite_lifecycle_managerMatch8.0.1

vmwarevrealize_suite_lifecycle_managerMatch8.1

vmwarevrealize_suite_lifecycle_managerMatch8.2

CPENameOperatorVersion
vmware:identity_managervmware identity managereq3.3.2
vmware:identity_managervmware identity managereq3.3.3
vmware:identity_managervmware identity managereq3.3.4
vmware:identity_managervmware identity managereq3.3.5
vmware:workspace_one_accessvmware workspace one accesseq20.01
vmware:workspace_one_accessvmware workspace one accesseq20.10
vmware:workspace_one_accessvmware workspace one accesseq20.10.01

CPE	Name	Operator	Version
vmware:identity_manager	vmware identity manager	eq	3.3.2
vmware:identity_manager	vmware identity manager	eq	3.3.3
vmware:identity_manager	vmware identity manager	eq	3.3.4
vmware:identity_manager	vmware identity manager	eq	3.3.5
vmware:workspace_one_access	vmware workspace one access	eq	20.01
vmware:workspace_one_access	vmware workspace one access	eq	20.10
vmware:workspace_one_access	vmware workspace one access	eq	20.10.01

CNA Affected

[
  {
    "product": "VMware Workspace ONE Access and Identity Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Workspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2."
      }
    ]
  }
]