VMwareVMSA-2021-0030VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities (CVE-2021-22056, CVE-2021-22057)
3a. Server Side Request Forgery vulnerability in VMware Workspace ONE Access (CVE-2021-22056)
VMware Workspace ONE Access and Identity Manager, contain a Server Side Request Forgery. VMware has evaluated this issue to be of Moderate severity with a maximum CVSSv3 base score of 5.5.
3b.Authentication bypass vulnerability in VMware Workspace ONE Access (CVE-2021-22057)
VMware Workspace ONE Access contains an authentication bypass vulnerability, impacting VMware Verify two factor authentication. VMware has evaluated this issue to be of Moderate severity with a maximum CVSSv3 base score of 6.6.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22057
docs.vmware.com/en/VMware-Workspace-ONE-Access/21.08.0.1/rn/vmware-workspace-one-access-210801-release-notes/index.html
kb.vmware.com/s/article/87183
kb.vmware.com/s/article/87185
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Related
