Authentication flaw

2021-08-3122:15:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication.

CPENameOperatorVersion
cloud_foundationeq4.0
cloud_foundationeq4.0.1
cloud_foundationeq4.1
cloud_foundationeq4.2.1
cloud_foundationeq4.1.0.1
identity_managereq3.3.2
identity_managereq3.3.3
identity_managereq3.3.4
identity_managereq3.3.5
vrealize_suite_lifecycle_managereq8.0

Name	Operator	Version
cloud_foundation	eq	4.0
cloud_foundation	eq	4.0.1
cloud_foundation	eq	4.1
cloud_foundation	eq	4.2.1
cloud_foundation	eq	4.1.0.1
identity_manager	eq	3.3.2
identity_manager	eq	3.3.3
identity_manager	eq	3.3.4
identity_manager	eq	3.3.5
vrealize_suite_lifecycle_manager	eq	8.0