Workspace One Access Security Vulnerabilities and Issues — Workspace One Access CVE List

Lucene search

VmwareWorkspace One Access

4 matches found

CVE•added 2021/08/31 10:15 p.m.•87 views

CVE-2021-22002

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addi...

9.8CVSS9.3AI score0.00398EPSS

CVE•added 2021/08/31 10:15 p.m.•80 views

CVE-2021-22003

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and pa...

7.5CVSS8.6AI score0.00356EPSS

CVE•added 2021/12/20 9:15 p.m.•53 views

CVE-2021-22057

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

8.8CVSS8.7AI score0.00167EPSS

CVE•added 2021/12/20 9:15 p.m.•50 views

CVE-2021-22056

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

7.5CVSS7.6AI score0.00796EPSS