Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_WORKSPACE_ONE_ACCESS_VMSA-2021-0016.NASL
HistoryAug 12, 2021 - 12:00 a.m.

VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2021-0016)

2021-08-1200:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.5%

JSON

The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected by the following vulnerabilities:

  • A security bypass vulnerability exists in due to improper validation of host headers. An unauthenticated, remote attacker can exploit this, via a crafted request with custom host headers, to bypass access restrictions to /cfg web app and other diagnostic endpoints. (CVE-2021-22002)

  • An information disclosure vulnerability exists in due to a login interface on port 7443. An unauthenticated, remote attacker can exploit this, via brute force, to potentially access the service.
    (CVE-2021-22003)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152534);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/13");

  script_cve_id("CVE-2021-22002", "CVE-2021-22003");
  script_xref(name:"VMSA", value:"2021-0016");
  script_xref(name:"IAVA", value:"2021-A-0370");

  script_name(english:"VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2021-0016)");

  script_set_attribute(attribute:"synopsis", value:
"An identity store broker application running on the remote host is affected by a multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The VMware Workspace One Access (formerly VMware Identity Manager) application running on the remote host is affected
by the following vulnerabilities:

  - A security bypass vulnerability exists in due to improper validation of host headers. An unauthenticated,
    remote attacker can exploit this, via a crafted request with custom host headers, to bypass access
    restrictions to /cfg web app and other diagnostic endpoints. (CVE-2021-22002)

  - An information disclosure vulnerability exists in due to a login interface on port 7443. An
    unauthenticated, remote attacker can exploit this, via brute force, to potentially access the service.
    (CVE-2021-22003)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2021-0016.html");
  script_set_attribute(attribute:"see_also", value:"https://kb.vmware.com/s/article/85254");
  script_set_attribute(attribute:"solution", value:
"Apply the HW-137959 hotfix to VMware Workspace One Access / VMware Identity Manager as per the VMSA-2021-0016 advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22002");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/12");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:vmware:workspace_one_access");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:identity_manager");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_workspace_one_access_web_detect.nbin");
  script_require_keys("installed_sw/VMware Workspace ONE Access");

  exit(0);
}

include('audit.inc');
include('http.inc');
include('vcf.inc');
include('vcf_extras.inc');

var app = 'VMware Workspace ONE Access';

get_install_count(app_name:app, exit_if_zero:TRUE);

var port = get_http_port(default:80);

var app_info = vcf::vmware_workspace_one_access::get_app_info(port:port);

var constraints = [
  { 'min_version':'3.3.2.0.0', 'fixed_version':'3.3.2.0.18380333', 'fixed_display':'3.3.2.0 Build 18380333 (HW-137959)' },
  { 'min_version':'3.3.3.0.0', 'fixed_version':'3.3.3.0.18380315', 'fixed_display':'3.3.3.0 Build 18380315 (HW-137959)' },
  { 'min_version':'3.3.4.0.0', 'fixed_version':'3.3.4.0.18380307', 'fixed_display':'3.3.4.0 Build 18380307 (HW-137959)' },
  { 'min_version':'3.3.5.0.0', 'fixed_version':'3.3.5.0.18380290', 'fixed_display':'3.3.5.0 Build 18380290 (HW-137959)' },

  { 'min_version':'20.01.0.0', 'fixed_version':'20.01.0.0.18379902', 'fixed_display':'20.01.0.0 Build 18379902 (HW-137959)' },
  { 'min_version':'20.10.0.0', 'fixed_version':'20.10.0.0.18379838', 'fixed_display':'20.10.0.0 Build 18379838 (HW-137959)' },
  { 'min_version':'20.10.0.1', 'fixed_version':'20.10.0.1.18379838', 'fixed_display':'20.10.0.1 Build 18379838 (HW-137959)' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
vmwareworkspace_one_accessx-cpe:/a:vmware:workspace_one_access
vmwareidentity_managercpe:/a:vmware:identity_manager

Related

vmware 1
thn 1
cvelist 2
nvd 2
prion 2
cve 2
osv 2
vmware
vmware
VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)
2021-08-05 00:00:00
thn
thn
VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products
2021-08-06 07:12:00
cvelist
cvelist
CVE-2021-22003
2021-08-31 21:02:31
CVE-2021-22002
2021-08-31 21:02:21
nvd
nvd
CVE-2021-22002
2021-08-31 22:15:08
CVE-2021-22003
2021-08-31 22:15:08
prion
prion
Default credentials
2021-08-31 22:15:00
Authentication flaw
2021-08-31 22:15:00
cve
cve
CVE-2021-22003
2021-08-31 22:15:08
CVE-2021-22002
2021-08-31 22:15:08
osv
osv
CVE-2021-22003
2021-08-31 22:15:08
CVE-2021-22002
2021-08-31 22:15:08

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for VMWARE_WORKSPACE_ONE_ACCESS_VMSA-2021-0016.NASL
vmware1thn1cvelist2nvd2prion2cve2osv2