Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-22002
HistoryAug 31, 2021 - 10:15 p.m.

CVE-2021-22002

2021-08-3122:15:08
CWE-287
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.5%

JSON

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

Affected configurations

NVD
Node
linuxlinux_kernelMatch-
AND
vmwareidentity_managerMatch3.3.2
OR
vmwareidentity_managerMatch3.3.3
OR
vmwareidentity_managerMatch3.3.4
OR
vmwareidentity_managerMatch3.3.5
OR
vmwareworkspace_one_accessMatch20.01
OR
vmwareworkspace_one_accessMatch20.10
OR
vmwareworkspace_one_accessMatch20.10.01
Node
vmwarecloud_foundationMatch4.0
OR
vmwarecloud_foundationMatch4.0.1
OR
vmwarecloud_foundationMatch4.1
OR
vmwarecloud_foundationMatch4.1.0.1
OR
vmwarecloud_foundationMatch4.2.1
OR
vmwarevrealize_suite_lifecycle_managerMatch8.0
OR
vmwarevrealize_suite_lifecycle_managerMatch8.0.1
OR
vmwarevrealize_suite_lifecycle_managerMatch8.1
OR
vmwarevrealize_suite_lifecycle_managerMatch8.2

Related

cvelist 1
osv 1
prion 1
cve 1
vmware 1
thn 1
nessus 1
cvelist
cvelist
CVE-2021-22002
2021-08-31 21:02:21
osv
osv
CVE-2021-22002
2021-08-31 22:15:08
prion
prion
Authentication flaw
2021-08-31 22:15:00
cve
cve
CVE-2021-22002
2021-08-31 22:15:08
vmware
vmware
VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)
2021-08-05 00:00:00
thn
thn
VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products
2021-08-06 07:12:00
nessus
nessus
VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2021-0016)
2021-08-12 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for NVD:CVE-2021-22002
cvelist1osv1prion1cve1vmware1thn1nessus1