CVE-2021-22003

Summary

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Affected Software

VendorProductVersion RangeStatus
n/aVMware Workspace ONE Access and Identity ManagerWorkspace ONE Access 20.10.01, 20.10 & 20.01. Identity Manager 3.3.5, 3.3.4, 3.3.3 & 3.3.2.affected

Weaknesses

  • Information disclosure vulnerability

ADP Enrichment

CVE Program Container

Additional References

References